Identity & Access Management (IAM) Engineer

IT SCRTY ANL 3 (007338)

UCPath Position ID: 41068525

 

 

 

Position Description History/Status

For Reference ONLY - PeopleAdmin JA Number: 1142994
Approved Date: 11/13/2024 5:52:22 PM
Date Last Edited: 11/13/2024 5:52:18 PM
Last Action Effective Date: 2/16/2024

Organization Details

Business Unit (Location): LACMP
Organization Code: 5000O
Organization: ADMINISTRATIVE VICE CHANCELLOR
Division Code: 5901D
Division: ADMINISTRATION
Department: 455400 - IT SERVICES

Position Details

UCPath Position Number: 41068525
Position Description ID: 169574
UC Payroll Title: IT SCRTY ANL 3 (007338)
Personnel Program: Professional and Support Staff (PSS)
Salary Grade: Grade 23
Job Code FLSA: Exempt
Union Code (Collective Bargaining Unit): 99: Non-Represented (PPSM)
Employee Relations Code: E: All Others - Not Confidential
Employee Class (Appt Type): 2 - Staff: Career
Full-Time Equivalent (FTE): 1

SUPERVISION

UCPath Reports to Position Number: 41051981
Reports to Payroll Title: IT SCRTY MGR 1
UCPath Department Head Position Number: 40068309
Department Head Payroll Title: INFO SYS MGR 4


Level of Supervision Received

GENERAL SUPERVISION - Indicates that the incumbent develops procedures for performance of a variety of duties, or performs complex duties within established policy guidelines.


POSITION SUMMARY

The Identity & Access Management (IAM) Engineer will be responsible for the development, implementation, configuration, integration and maintenance of IAM solutions that align with the university's security policies and requirements. This role involves ensuring secure, compliant, and efficient management of identities, credentials, and access controls across all internal and external systems. The IAM Engineer will apply their technical expertise in automation, orchestration, and programming to optimize IAM processes and improve the overall efficiency of IAM systems, ensuring seamless integration across various platforms. The IAM Engineer is responsible for evaluating hosting platforms and configuration technologies, ensuring consistency between production and non-production environments.

This role will collaborate closely with the IAM Director, IAM and the IAM Analysts, as well as various departments across the university and external vendors, to maintain and enhance the security and usability of the IAM framework, and to ensure that access and identity data is granted to users in a secure, compliant, and efficient manner.

 

The IAM Engineer will positively impact UCLA's operations and culture by protecting University stakeholders' information and data in service of the institution's academic mission. This team member will advance the University's mission by delivering exceptional security service comprehensively and consistently across faculty, staff, and students. This role will execute UCLA's vision while modeling UCLA's culture and values.

 


Department Summary

The UCLA Information Security team enables UCLA’s mission by providing leadership and expertise that assures the confidentiality, integrity, safeguarding, and availability of the university’s digital information resources. The Information Security team enables efficient campus-wide cyber incident detection and response procedures. In addition, the team implements risk management strategies to identify vulnerabilities and threats to campus information resources and enterprise systems. This includes executing a comprehensive information security plan, centered on implementing and enforcing technical and physical security measures to treat identified risks based on their sensitivity or criticality.

The Identity & Access Management team protects UCLA’s resources and digital assets and supports university business operations through effective and seamless access management. This includes account lifecycle management, authentication, and role-based access controls at the enterprise level. The IAM team is responsible for managing digital identities and ensuring that the proper access controls are in place to protect sensitive information. The team drives the creation and management of university IDs for faculty, staff, and students, and maintains the IAM infrastructure to guarantee secure and efficient access to information systems and resources. Furthermore, the team implements rigorous regulation of entitlements through granular access control and the auditing of all digital identities managed by UCLA, adhering to best practices and the latest regulatory standards.


Key Responsibilities and Essential Functions

Function: Identity & Access Management (IAM)
% Time: 20%
Responsibilities:

1. Develops, implements, configures and maintains IAM solutions, including integrations, provisioning, deprovisioning, authentication, and access control systems.
2. Leverages automation and orchestration tools to optimize identity management processes, including user provisioning, deprovisioning, role-based access control (RBAC), attribute-based access control (ABAC) and authentication workflows.
3. Develops scripts and automation routines using programming languages (e.g., Python, PowerShell, Java) to streamline IAM functions and integrate with other enterprise systems.
4. Configures, maintains, and updates IAM platforms and tools to ensure consistent performance and availability in both production and non-production environments.

Function: Identity & Access Management (IAM)
% Time: 20%
Responsibilities:

1. Collaborates with IAM director, IAM analysts and IT teams and stakeholders to ensure smooth implementation and integration of IAM systems with other IT and security infrastructure.
2. Performs system integration and configuration tasks to ensure the seamless functioning of IAM technologies and tools.
3. Develops monitoring tools and reporting mechanisms to track access events, identify potential security breaches or vulnerabilities, and provide reports to the security team for analysis and auditing purposes.
4. Monitors and analyzes IAM system performance, security, and compliance, recommending improvements and enhancements as necessary.

Function: Identity & Access Management (IAM)
% Time: 15%
Responsibilities:

1. Troubleshoots and resolves IAM system issues, working with the appropriate teams to identify root causes and implement corrective actions.
2. Provides technical support and guidance to users and IT teams on IAM tools, processes, and best practices, troubleshooting issues as they arise.
3. Develops and maintains technical documentation, including solution design documents, configuration guides, and process workflows.
4. Assists in the development and implementation of security policies, procedures, and guidelines related to IAM.

Function: Problem Solving
% Time: 10%
Responsibilities:

1. Regularly works on issues where analysis of situations or data requires an in-depth evaluation of variable factors.
2. Provides hands-on support to troubleshoot and resolve IAM-related technical issues and incidents.

Function: Customer Service
% Time: 10%
Responsibilities:

1. Identifies, evaluates, and implements advanced IAM measures to safeguard against emerging threats, ensuring the confidentiality, integrity and availability of IAM systems and data.

Function: Continuous Improvement
% Time: 10%
Responsibilities:

1. Stays current with IAM technologies, trends, and regulatory requirements, and recommends changes to the university's IAM program as needed.
2. Facilitates innovation and continuous improvement by leveraging the latest industry knowledge and maintains currency with new technologies.

Function: Project Planning & Management
% Time: 5%
Responsibilities:

1. Plans and executes system upgrades, bug fixes, and other changes using service management software and methodologies.

Function: Communications & Training
% Time: 5%
Responsibilities:

1. Provides timely communications to stakeholders, technical staff, and management as required.

Function: Other
% Time: 5%
Responsibilities:

Actively contributes to promoting equity, diversity, and inclusion across the organization and UCLA’s campus. Actively promotes the organization’s core values and consistently integrates innovation, employee fulfillment, teamwork, respect, excellence, integrity, service, and accountability into each aspect of their work. Maintains current knowledge of University policy and procedure; effectively, consistently and fairly applies University policy and/or campus/division procedures for assigned area and team members supervised; complies with University, Campus and division policies and procedures regarding privacy of information, authorized use of University resources and the security of University systems and data. Performs other related responsibilities as requested and when necessary.


Other Requirements - Applies to all Positions

• Performs other duties as assigned.

• Complies with all policies and standards.

• Complies with the University of California, Los Angeles (UCLA) Principles of Community.

• This position description is not intended to be a complete list of all responsibilities, duties or skills required for the job and is subject to review and change at any time, with or without notice, in accordance with the needs of the organization.


QUALIFICATIONS


Educational Requirements

• Bachelor's Degree in cybersecurity, information technology, computer science, public administration, business administration, communications, or related field, or equivalent experience/training. (Required)


Experience Requirements

• 3 years: experience working in one or more of the following fields: cybersecurity, computer science, computer information systems, or related field. (Required)

• Advanced experience using identity and access tools and systems in a distributed IT environment. (Required)

• Hands-on experience with implementation and configuration of directory services (e.g., Active Directory, LDAP), authentication and federation (e.g., Single Sign-On (SSO)) technologies. (Required)

• Hands-on experience with implementation and configuration of multi-factor authentication (MFA) solutions. (Required)

• Experience participating in activities to advance an inclusive environment that values equity, diversity, inclusion and belonging. (Required)

• Experience in complex higher education environments, serving academic and administrative functions of a large public university. (Preferred)

• 5+ years: experience working in one or more of the following fields: cybersecurity, computer science, computer information systems, etc. (Preferred)


Licenses, Certifications and Professional Affiliations

• One or more of the following certifications: CCNP Security, CCIE Security, OSCP, CISSP, CEH, or equivalent certification. (Preferred)

• CCIE Security certification. (Preferred)


Knowledge, Skills and Abilities

• Demonstrated skills applying authentication and account management standards to vendor provisioning solutions, computer software and hardware at scale. (Required)

• Advanced knowledge of IAM infrastructure deployment and configuration. Ability to review and diagnose system issues and implement preventative maintenance to ensure proactive continuity of services. (Required)

• Proficient in scripting and programming languages (e.g., PowerShell, Python, Java) for automation and integration purposes. (Required)

• Demonstrated expertise in technologies and products, such as: SCIM, J2EE, Java Servlets, XML, Web Services, Perl/CGI, SSL, etc. (Required)

• Strong written and verbal communication skills; able to communicate technical information and ideas to a diverse community of colleagues and stakeholders. (Required)

• Able to establish and advance positive working relationships and a strong rapport with team members, stakeholders, and customers. (Required)

• Strong organizational skills; able to balance competing priorities and support concurrent projects. Experience working in a project-based environment using leading project management practices including schedule management, status reporting, and communication of project risks and issues. (Required)

• Strong demonstrated problem-solving skills; scopes solutions based on knowledge of available resources and timelines. Able to ask questions, gather information, evaluate options, and make decisions with integrity. (Required)

• Thinks creatively and proposes innovative ideas, including the incorporation of new technologies or processes. Is able to work with agility in a fast-paced environment. (Required)


SPECIAL REQUIREMENTS AND/OR CONDITIONS OF EMPLOYMENT


Reporting and Background Check Requirements

Background Check: Continued employment is contingent upon the completion of a satisfactory background investigation.

Live Scan Background Check: A Live Scan background check must be completed prior to the start of employment.


Travel Requirements

Estimated Amount: 0%


LOCATION AND PHYSICAL, ENVIRONMENTAL, MENTAL (PEM) REQUIREMENTS

Environment and Work Location Information

Environment Type:

Non-Clinical Setting

Location Setting:

Campus

Location:

Wilshire Center


Physical Requirements

The physical requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this position.

Frequency scale: Never (0 Hours); Occasional (Up to 3 Hours); Frequent (3 to 6 Hours); Continuous (6 to 8+ Hours).

• Standing/Walking: Frequent
• Sitting: Frequent
• Bending/Stooping: Occasional
• Squatting/Kneeling: Occasional
• Climbing: Never
• Lifting/Carrying/Push/Pull 0-25 lbs: Occasional
• Lifting/Carrying/Push/Pull 26-50 lbs: Never
• Lifting/Carrying/Push/Pull over 50 lbs: Never
• Physical requirements other: Never


Environmental Requirements

The environmental requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this position.

Frequency scale: Never (0 Hours); Occasional (Up to 3 Hours); Frequent (3 to 6 Hours); Continuous (6 to 8+ Hours).

• Chemicals, dust, gases, or fumes: Never
• Loud noise levels: Never
• Marked changes in humidity or temperature: Never
• Microwave/Radiation: Never
• Operating motor vehicles and/or equipment: Never
• Exposures other: Never


Mental Requirements

The mental requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this position.

Frequency scale: Never (0 Hours); Occasional (Up to 3 Hours); Frequent (3 to 6 Hours); Continuous (6 to 8+ Hours).

• Sustained attention and concentration: Frequent; Is Essential
• Complex problem solving/reasoning: Frequent; Is Essential
• Ability to organize & prioritize: Frequent; Is Essential
• Communication skills: Frequent; Is Essential
• Numerical skills: Occasional; Is Essential
• Mental demands other: Never


Blood/Fluid Exposure Risk

The exposure described here is what can be expected of an employee in performing the essential functions of this position.

X

Classification 3:  Position in which exposure to blood, body fluids or tissues is not part of the position description. The normal routine task involves no exposure to blood, body fluids or tissues and the employee can decline to perform tasks which involve a perceived risk without retribution.