Identity and Access Management Engineer

About UCLA Information Security

The UCLA Information Security team enables UCLA’s mission by providing leadership and expertise that assures the confidentiality, integrity, safeguarding, and availability of the university’s digital information resources. The Information Security team enables efficient campus wide cyber incident detection and response procedures. In addition, the team implements risk management strategies to identify vulnerabilities and threats to campus information resources and enterprise systems. This includes executing a comprehensive information security plan, centered on implementing and enforcing technical and physical security measures to treat identified risks based on their sensitivity or criticality.

About the Identity & Access Management Team

The Identity & Access Management team protects UCLA’s resources and digital assets as well as supports university business operations through effective and seamless access management. This includes account lifecycle management, authentication, and role-based access controls at the enterprise level. The IAM team is responsible for managing digital identities and ensuring the proper access controls are in place ensuring sensitive information protection. The team drives the creation and management of university IDs for faculty, staff, and students and the IAM infrastructure to guarantee secure and efficient access to information systems and resources. Furthermore, the team implements rigorous regulation of entitlements through granular access control and the auditing of all digital identities managed by UCLA by adhering to the best practices and latest regulatory standards.

Job Summary

The Identity & Access Management (IAM) Engineer will be responsible for the development, implementation, configuration, integration and maintenance of IAM solutions that align with the university's security policies and requirements. This role involves ensuring secure, compliant, and efficient management of identities, credentials, and access controls across all internal and external systems. The IAM Engineer will apply their technical expertise in automation, orchestration, and programming to optimize IAM processes and improve overall efficiency of IAM systems, ensuring seamless integration across various platforms. The IAM engineer is responsible for evaluating hosting platforms, and configuration technologies ensuring consistency between production and non-production environments. This role will collaborate closely with the IAM Director, IAM and the IAM Analysts, as well as various departments across the university and external vendors to maintain and enhance the security and usability of the IAM framework and, to ensure that access and identity data is granted to users in a secure, compliant, and efficient manner. The IAM Engineer will positively impact UCLA's operations and culture by protecting University stakeholders' information and data in service of the institution's academic mission. This team member will advance the University's mission by delivering exceptional security service comprehensively and consistently across faculty, staff, and students. This role will execute UCLA's vision while modeling UCLA's culture and values.

Key Responsibilities

• Develop, implement, configure, integrate, and maintain IAM solutions.
• Ensure secure, compliant, and efficient management of identities, credentials, and access controls.
• Apply technical expertise in automation and orchestration to optimize IAM processes.
• Evaluate hosting platforms and configuration technologies for consistency.
• Collaborate with various stakeholders and external vendors.
• Protect university stakeholders' information and data.

Qualifications

• 3 years experience working in cybersecurity, computer science, computer information systems, or related field (Required).
• Advanced experience using identity and access tools and systems in a distributed IT environment (Required).
• Hands-on experience with directory services (e.g., Active Directory, LDAP), authentication, and federation (e.g., SSO) technologies (Required).
• Hands-on experience with multi-factor authentication (MFA) solutions (Required).
• Experience participating in activities to advance an inclusive environment (Required).
• 5+ years experience in related fields (Preferred).
• Experience in complex higher education environments (Preferred).
• Demonstrated skills applying authentication and account management standards to vendor provisioning solutions (Required).
• Advanced knowledge of IAM infrastructure deployment and configuration (Required).
• Proficient in scripting and programming languages (e.g., PowerShell, Python, Java) (Required).
• Demonstrated expertise in technologies and products such as: SCIM, J2EE, Java Servlets, XML, Web Services, Perl/CGI, SSL, etc. (Required).
• Strong written and verbal communication skills (Required).
• Ability to establish and advance positive working relationships (Required).
• Strong organizational skills and ability to balance competing priorities (Required).
• Strong demonstrated problem-solving skills (Required).
• Creative thinking and ability to propose innovative ideas (Required).

Key skills/competency

Identity and Access Management, IAM Solutions, Cybersecurity, Computer Science, Directory Services, Active Directory, LDAP, Authentication, Federation, Single Sign-On (SSO), Multi-Factor Authentication (MFA), Automation, Orchestration, Scripting, PowerShell, Python, Java, SCIM, J2EE, XML, Web Services, SSL.