Identity and Access Management (IAM) Engineer
Company:
Metropolitan State University of Denver
Job Location:
Denver, 80217-3362
Category:
Network/System Administrator
Type:
Full-Time
Location: Denver, Colorado
Department
Enterprise Systems
Reporting to the Associate Director of Enterprise Systems, the Identity and Access Management (IAM) Engineer will assist with the design, implementation, and ongoing management of an updated IAM vision that aligns with industry-recognized practices, frameworks, and regulations. You will contribute directly to IAM component designs, IAM service development, integration, and implementation, identifying areas for automation and orchestration to secure, automate, and scale IAM practices.
You will work alongside Enterprise Administrators and collaborate with all ITS business units to support operations of university wide IAM services for students, faculty, staff, parents, alumni, guests, vendors, and University technology partners.
40% IAM Systems Design and Analysis
You'll apply your expertise in IAM frameworks, systems, and protocols to design, develop, maintain, and enhance the University's IAM platforms. This includes designing identity lifecycle management, access provisioning and deprovisioning processes, single sign-on (SSO), multi-factor authentication (MFA), role-based access control (RBAC), and other IAM components.
You'll work with cross-functional teams, including IT, security, compliance, and business units, to gather requirements, address concerns, and ensure the successful implementation and operation of IAM solutions. This includes designing core architecture to allow not just for the assignment of identities and access privileges to individuals but to applications, services, and processes as well.
40% IAM System Administration and Support
You'll administer the IAM platform by supporting third-party integrations, migrating code into production, performing upgrades, troubleshooting performance/stability and administering system access. This includes contributing to the design and building of a robust identity architecture that ensures the right access, for the right individuals, at the right time by implementing automated self-service request, approval, provisioning, and verification processes of access within the IAM platform.
You'll provide escalated support by troubleshooting and managing issues related to identities, systems access accounts, authentication, authorization, entitlements, and permissions. This includes investigating and resolving incidents, performing root cause analysis, and implementing preventative measures to enhance the customer experience.
15% IAM Governance and Compliance
You'll develop and enforce IAM-related security policies, standards, and guidelines. We'll want you to stay up to date with industry trends, regulatory requirements, and emerging technologies to ensure the IAM framework remains effective and compliant. You'll participate in security audits and assessments to validate the effectiveness of the IAM framework. Identify and remediate any vulnerabilities or non-compliance issues.
You'll collaborate with stakeholders to define the organization's IAM strategy, including goals, objectives, and key performance indicators (KPIs). Communicate and educate stakeholders on IAM policies, processes, and best practices.
5% Other Duties
At the Associate Director's discretion, you'll be asked to take on projects that support our teams, develop our culture, and identify opportunities to grow in your role.
You may be asked to take on additional responsibilities, including occasional off-hours or weekend work. Infrequent domestic travel will be required.
Required Qualifications
The anticipated hiring range for this position is $64,500 - $86,000. The full salary range is $64,500 - $107,600.
The salary of the finalist(s) selected for this role will be set based on a variety of factors, including but not limited to, internal equity, experience, education, specialty and training.
The above salary range represents the University's good faith and reasonable estimate of the range of possible compensation at the time of posting.
Work Hours:
Monday - Friday, 8am - 5pm, hybrid schedule options available.
Required 2 days per week at offices on the Auraria campus In Denver, CO.
Instructions to Apply:
Please apply through MSU Denver Careers and submit your cover letter and resume. Select Begin Your Job Search, then search for JR101667. Internal applicants must apply through their MSU Denver Workday profile by searching 'Find Jobs'. Applications that do not contain all required documents may not receive full consideration.
Closing Date
Open Until Filled
Posting Representative
Elizabeth Wellington
Posting Representative Email
ewelling@msudenver.edu
Benefits
MSU Denver is pleased to offer our current and potential employees a wide array of benefit options. To learn more, please visit the following link:
Employee Benefits Offerings
The University will provide reasonable accommodations to applicants with disabilities throughout the employment application process. To request an accommodation pursuant to the Americans with Disabilities Act, please contact the Human Resources ADA Coordinator at totalrewards@msudenver.edu.
Diversity Statement
Metropolitan State University of Denver is a unique, access-oriented campus community that values diversity, equity, and inclusion in all its forms. Our student population consists of nearly 58% first generation students and over 50% students of color. We are a designated Hispanic Serving Institution located in downtown Denver.
We create an equitable learning and working environment in concert with individuals who consistently demonstrate commitment to equity and inclusion. We greatly value the diverse identities and perspectives of our students, faculty, and staff and recognize that in order to achieve a just and equitable society, diversity must go beyond simple representation. It requires critical inquiry and dialogue and a commitment to action. We strive to provide a culture of belonging for all community members to achieve personal and professional success.
Department
Enterprise Systems
Reporting to the Associate Director of Enterprise Systems, the Identity and Access Management (IAM) Engineer will assist with the design, implementation, and ongoing management of an updated IAM vision that aligns with industry-recognized practices, frameworks, and regulations. You will contribute directly to IAM component designs, IAM service development, integration, and implementation, identifying areas for automation and orchestration to secure, automate, and scale IAM practices.
You will work alongside Enterprise Administrators and collaborate with all ITS business units to support operations of university wide IAM services for students, faculty, staff, parents, alumni, guests, vendors, and University technology partners.
40% IAM Systems Design and Analysis
You'll apply your expertise in IAM frameworks, systems, and protocols to design, develop, maintain, and enhance the University's IAM platforms. This includes designing identity lifecycle management, access provisioning and deprovisioning processes, single sign-on (SSO), multi-factor authentication (MFA), role-based access control (RBAC), and other IAM components.
You'll work with cross-functional teams, including IT, security, compliance, and business units, to gather requirements, address concerns, and ensure the successful implementation and operation of IAM solutions. This includes designing core architecture to allow not just for the assignment of identities and access privileges to individuals but to applications, services, and processes as well.
40% IAM System Administration and Support
You'll administer the IAM platform by supporting third-party integrations, migrating code into production, performing upgrades, troubleshooting performance/stability and administering system access. This includes contributing to the design and building of a robust identity architecture that ensures the right access, for the right individuals, at the right time by implementing automated self-service request, approval, provisioning, and verification processes of access within the IAM platform.
You'll provide escalated support by troubleshooting and managing issues related to identities, systems access accounts, authentication, authorization, entitlements, and permissions. This includes investigating and resolving incidents, performing root cause analysis, and implementing preventative measures to enhance the customer experience.
15% IAM Governance and Compliance
You'll develop and enforce IAM-related security policies, standards, and guidelines. We'll want you to stay up to date with industry trends, regulatory requirements, and emerging technologies to ensure the IAM framework remains effective and compliant. You'll participate in security audits and assessments to validate the effectiveness of the IAM framework. Identify and remediate any vulnerabilities or non-compliance issues.
You'll collaborate with stakeholders to define the organization's IAM strategy, including goals, objectives, and key performance indicators (KPIs). Communicate and educate stakeholders on IAM policies, processes, and best practices.
5% Other Duties
At the Associate Director's discretion, you'll be asked to take on projects that support our teams, develop our culture, and identify opportunities to grow in your role.
You may be asked to take on additional responsibilities, including occasional off-hours or weekend work. Infrequent domestic travel will be required.
Required Qualifications
- Bachelor's degree from an accredited college or university in Information Systems or Computer Science and/or equivalent combination of education and work experience.
- 3 or more years of professional hands-on IT experience within the Identity and Access Management domain.
- 2 or more years of professional experience administering an enterprise IGA/IAM platform such as SailPoint, Saviynt, Okta, ForgeRock, Microsoft Identity Manager or similar solutions.
- Working knowledge of IAM concepts, protocols, and standards, such as SAML, OAuth, OpenID Connect, LDAP, and RBAC/ABAC.
- Professional experience in a higher education environment.
- Experience with designing or maintaining permissions and roles for large enterprise applications such as an ERP or CRM such as Ellucian Banner, Workday, Salesforce, or Slate.
- Experience with administering Active Directory (including Azure AD), MFA, and SSO.
- Experience with REST API integration, management, or development.
- Experience with one or more scripting/programming languages such as Bash, PowerShell, C++, Java, Python, JavaScript, C#, JSON.
- Possesses Identity and Access Management industry certifications such as CIAM, CISSP, CISM, CompTIA Security+, or related certifications.
The anticipated hiring range for this position is $64,500 - $86,000. The full salary range is $64,500 - $107,600.
The salary of the finalist(s) selected for this role will be set based on a variety of factors, including but not limited to, internal equity, experience, education, specialty and training.
The above salary range represents the University's good faith and reasonable estimate of the range of possible compensation at the time of posting.
Work Hours:
Monday - Friday, 8am - 5pm, hybrid schedule options available.
Required 2 days per week at offices on the Auraria campus In Denver, CO.
Instructions to Apply:
Please apply through MSU Denver Careers and submit your cover letter and resume. Select Begin Your Job Search, then search for JR101667. Internal applicants must apply through their MSU Denver Workday profile by searching 'Find Jobs'. Applications that do not contain all required documents may not receive full consideration.
Closing Date
Open Until Filled
Posting Representative
Elizabeth Wellington
Posting Representative Email
ewelling@msudenver.edu
Benefits
MSU Denver is pleased to offer our current and potential employees a wide array of benefit options. To learn more, please visit the following link:
Employee Benefits Offerings
The University will provide reasonable accommodations to applicants with disabilities throughout the employment application process. To request an accommodation pursuant to the Americans with Disabilities Act, please contact the Human Resources ADA Coordinator at totalrewards@msudenver.edu.
Diversity Statement
Metropolitan State University of Denver is a unique, access-oriented campus community that values diversity, equity, and inclusion in all its forms. Our student population consists of nearly 58% first generation students and over 50% students of color. We are a designated Hispanic Serving Institution located in downtown Denver.
We create an equitable learning and working environment in concert with individuals who consistently demonstrate commitment to equity and inclusion. We greatly value the diverse identities and perspectives of our students, faculty, and staff and recognize that in order to achieve a just and equitable society, diversity must go beyond simple representation. It requires critical inquiry and dialogue and a commitment to action. We strive to provide a culture of belonging for all community members to achieve personal and professional success.
