Location: Stony Brook, NY, USA
Required Qualifications: (as evidenced by an attached resume)
* A Bachelor's Degree. In lieu of the Bachelor's Degree, a combination of directly related full-time experience supporting Identity and Access Management services and education totaling nine [9] years may be considered.
* Five [5] years of full-time, applicable experience supporting Identity and Access Management services.
* Experience developing programming code.
* Experience in identity management platforms and best practices.
* Experience with key identity management and access concepts and principles such as least privilege, privileged access, segregation of duties, role-based access control (RBAC), authentication, authorization, and user lifecycle workflows.
* Experience with IAM technologies and infrastructure, such as single sign-on (SSO), directory federation, SAML, OAuth, multi-factor authentication, user provisioning and self-service, account creation, and management; entitlement review certification and management; enterprise directory architecture and design, and onboarding applications.
Preferred Degree/Qualifications:
* Advanced Degree.
* An active cyber security or other relevant certification, such as CISSP, CISM, or IDM-specific.
* Programming/scripting experience in PL/SQL, PowerShell, Linux shell, Java, and/or Perl.
* Experience with additional cyber security functions other than identity management.
* Experience working with identity management within a large complex environment.
* Experience participating in cross-functional business and technical teams in large and complex environments.
* Experience developing technical and administrative documentation and diagrams.
* Familiarity with regulations and frameworks such as HIPAA, FERPA, NIST, GDPR, etc.
Brief Description of Duties/Primary Purpose:
The Identity Management Engineer is tasked with implementing, maintaining, extending, and troubleshooting the university's identity management platform and associated technologies.
Essential Duties:
Implement and Maintain Identity Management Systems:
Implement and develop technologies and processes to enable stable and secure enterprise-wide identity management (IDM) functions. This includes provisioning new user accounts, establishing unique credentials, de-provisioning accounts, self-service password management, and integrating directories and databases for authentication and authorization services. Implement third-party IDM systems and assist in migrating legacy systems to new technologies. Collaborate with vendors and consultants to install, configure, integrate, and test new systems, and upgrade existing ones. Design and maintain custom applications used for IDM functions. Monitor system performance, apply patches, update system configuration, and identify and address security vulnerabilities.
Integrating Identity Solutions and Data Analysis/Mapping:
Integrate IDM solutions with existing systems, applications, and directories, ensuring seamless interoperability and data synchronization across the organization's IT ecosystem. Oversee data integrity by ensuring authoritative sources and target systems are integrated, with identity data normalized and reliable.
Identity Lifecycle and Access Management:
Implement technology and processes for managing the lifecycle of digital identities, including user provisioning, de-provisioning, role-based access control (RBAC), and recertification campaigns to ensure efficient governance and compliance. Work closely with service owners to ensure the identity management platform integrates seamlessly with Single Sign-On (SSO) and modern protocols such as OAuth, SAML, and OpenID Connect, streamlining user authentication and access across multiple applications and platforms.
Ensuring Data Security:
Implement and enforce robust security measures, such as multi-factor authentication (MFA), encryption, and least privilege access controls, to protect sensitive identity-related data and mitigate the risk of unauthorized access or data breaches. Establish monitoring and auditing mechanisms to detect security incidents, track user activity, and assess the effectiveness of IDM controls, supporting continuous improvement and compliance validation. Ensure that systems and procedures adhere to security best practices and comply with all relevant university policies regarding information security, change management, and communications.
Collaborating with Stakeholders and Support:
Collaborate with cross-functional teams, including IT, security, compliance, and business units, to gather requirements, assess technical feasibility, and ensure alignment with business objectives. Assist end-users and IT support staff with access-related issues, providing high-quality customer service at all times.
Documentation and Diagrams:
Fully document implementation and configuration details, ensuring alignment with regulatory requirements and industry best practices while addressing organizational security and compliance needs.
Non-Essential: Other duties or projects as assigned as appropriate to rank and department mission.
Special Notes:
This is a full-time appointment. FLSA Exempt position, not eligible for the overtime provisions of the FLSA. Minimum salary threshold must be met to maintain FLSA exemption.
Resume/CV and cover letter should be included with the online application.
SUNY implemented a hybrid telecommuting pilot program. This position has been approved to participate in the pilot, which allows for up to 5 remote days per pay period.
This position will remain posted until filled or for a maximum of 30 days. An initial review of all applicants will occur two weeks from the posting date. For full consideration, applications must be received before the initial review date. If within the initial review no candidate was selected to fill the position posted, additional applications will be considered for the posted position; however, the posting will close once a finalist is identified, and at minimum, two weeks after the initial posting date.
Stony Brook University is committed to excellence in diversity and the creation of an inclusive learning and working environment. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, familial status, sexual orientation, gender identity or expression, age, disability, genetic information, veteran status and all other protected classes under federal or state laws.
If you need a disability-related accommodation, please call the university Office of Equity and Access (OEA) at (631) ###-#### or visit OEA.
In accordance with the Title II Crime Awareness and Security Act a copy of our crime statistics can be viewed here.
Visit our WHY WORK HERE page to learn about the total rewards we offer.