Identity Access Management (IAM) Engineer

Company Description

Join us and make YOUR mark on the World!

Are you interested in joining some of the brightest talent in the world to strengthen the United States’ security? Come join Lawrence Livermore National Laboratory (LLNL) where our employees apply their expertise to create solutions for BIG ideas that make our world a better place.

We are committed to a diverse and equitable workforce with an inclusive culture that values and celebrates the diversity of our people, talents, ideas, experiences, and perspectives. This is essential to innovation and creativity for continued success of the Laboratory’s mission.

Pay Range

$123,960 - $166,992 Annually for the SES.2 level

$148,650 - $200,328 Annually for the SES.3 level

Please note that the pay range information is a general guideline only. Many factors are taken into consideration when setting starting pay including education, experience, the external labor market, and internal equity.

Job Description

We have an opening for an Identity Access Management (IAM) Engineer to work on projects that cover a range of system, applications technologies in the areas of Enterprise Access Single Sign-on. You will research, develop, and integrate state-of-the-art software to provide Enterprise authentication and authorization services. This position is in the Applications, Simulations and Quality Division in the Computing Directorate.

This position will be filled at either the SES.2 or SES.3 level based on knowledge and related experience as assessed by the hiring team. Additional job responsibilities (outlined below) will be assigned if hired at the higher level.

In this role you will

• Provide Web, REST API Single Sign-On authentication and authorization services by integrating with Access Manager
• Work with developers to enable applications for authentication and authentication services
• Monitor production services and respond to system problems and user issues
• Contribute to the fulfillment of technical projects and organizational objectives functioning as an effective team member on multi-disciplinary teams
• Provide technical assistance, training, and/or mentoring to others in the areas of authentication and authorization services
• Participate in development of new processes and serve as a primary technical point of contact with sponsors and stakeholders
• Exercise independent judgement to define, develop, and implement original solutions to complex problems of a broad and diverse scope at the team, directorate, or institutional level
• Perform other duties as assigned

Additional job responsibilities at the SES.3 Level

• Lead and provide enterprise solutions recommendation
• Develop and lead new solutions that meet mission level goals
• Own and Support current and future enterprise customers use cases
• All your information will be kept confidential according to EEO guidelines

Qualifications

• Ability to obtain and maintain a US DOE Q-level security clearance which requires U.S. Citizenship
• Bachelor’s degree in Computer Science with security focus, or related field, or the equivalent combination of education and related experience
• Knowledge of fundamental networking and distributed computing concepts, as well as security engineering, application security, and system security principles
• Broad knowledge in one or more of the following areas (LDAP, PKI, RSA SecurID, CDSSO, SAML2, OAuth/OIDC, and other Claims based authentication)
• Proficient programming skills in at least one of the major languages: Java, C++, Python, JavaScript, .NET
• Knowledge in HTTP, XML, AJAX, REST, SCIM
• Experience in Linux OS and Windows Development environments
• Effective analytical and problem-solving skills to contribute to creative solutions to moderately complex problems on server side
• Proficient verbal and written communication skills necessary to work effectively with application developers, system programmers, and other technical staff

Additional Qualifications at the SES.3 Level

• Advanced knowledge of encryption algorithms and security protocols (RSA, SSL, TLS), as well as security vulnerability, ForgeRock, ADFS, Ping Federate, and other On Prem IDP Stacks
• Master’s degree in Computer Science and 7 years or 10+ years’ experience in the Authentication, and IAM space, with a proven track record of leading large enterprise level Identity Solutions
• Broad experience in Cloud and Federated platforms, and ecosystems, with Solutions Architect, or Security Architect Experience

Additional Information

Position Information

This is a Career Indefinite position, open to Lab employees and external candidates.

Why Lawrence Livermore National Laboratory?

• Included in 2022 Best Places to Work by Glassdoor!
• Flexible Benefits Package
• 401(k)
• Education Assistance
• Flexible schedules (*depending on project needs

Security Clearance

This position requires a Department of Energy (DOE) Q-level clearance. If you are selected, we will initiate a Federal background investigation to determine if you meet eligibility requirements for access to classified information or matter. Also, all L or Q cleared employees are subject to random drug testing. Q-level clearance requires U.S. citizenship.

Pre-Employment Drug Test

External applicant(s) selected for this position must pass a post-offer, pre-employment drug test. This includes testing for use of marijuana as Federal Law applies to us as a Federal Contractor.

Equal Employment Opportunity

We are an equal opportunity employer that is committed to providing all with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, religion, marital status, national origin, ancestry, sex, sexual orientation, gender identity, disability, medical condition, pregnancy, protected veteran status, age, citizenship, or any other characteristic protected by applicable laws.

We invite you to review the Equal Employment Opportunity posters which include EEO is the Law and Pay Transparency Nondiscrimination Provision.

Reasonable Accommodation

Our goal is to create an accessible and inclusive experience for all candidates applying and interviewing at the Laboratory. If you need a reasonable accommodation during the application or the recruiting process, please use our online form to submit a request.

California Privacy Notice

The California Consumer Privacy Act (CCPA) grants privacy rights to all California residents. The law also entitles job applicants, employees, and non-employee workers to be notified of what personal information LLNL collects and for what purpose. The Employee Privacy Notice can be accessed here.