Identity and Access Management DevOps Engineer (IDM/IAM) (Remote Friendly)
Lawrence Berkeley National Laboratory
Internal Number: 95570
Lawrence Berkeley National Lab's (LBNL) Information Technology Division has an opening for an Identity and Access Management (IDM/IAM) DevOps Engineer to join the team.
In this exciting role, you will provide support for Berkeley Lab's institutional Identity Management Service (IdM). This includes monitoring, developing, documenting, and maintaining the performance of complex systems and creating scripts and applications to support operation.
You will work with our existing IdM and Collaboration Services Team and apply wide-ranging expertise to help build our capabilities to enable enterprise security and scientific collaboration. Day-to-day responsibilities will include helping manage systems and services from our own on-premises infrastructure; operating our growing array of cloud services, including IaaS, PaaS, and SaaS solutions; and working with scientific and enterprise groups across the Laboratory to implement identity solutions for their services.
What You Will Do:
Participate in the conception, planning, implementation, and support of new services to enable the future of cross-collaboration and multi-disciplinary research.
Evangelize identity management services throughout the Laboratory community by demonstrating technical competence in these areas and providing excellent customer service.
Collaborate with members of the Laboratory community directly and with their vendors to integrate our identities with their applications.
Develop, enhance, and customize custom-developed and third-party software used in our environment, such as OpenLDAP, Shibboleth Identity Provider, Active Directory, OATH, and Google Cloud Identity Services.
Continue the migration of our existing application base from standalone processes and Docker containers to Cloud orchestration solutions using Google Cloud Platform and AWS.
Work with the cybersecurity team to implement identity solutions to secure Laboratory systems and services.
Keep existing software, services, and operating systems up-to-date and running with high availability. Our systems provide access to and support virtually every business and collaboration system at the Laboratory, including our financial, HR, and Google Workspace services.
Provide Tier II support for LBNL's Google Workspace services by interfacing with Google support for technical issue resolution.
Determine methods and procedures for new assignments; may coordinate activities of other stakeholders.
What is Required:
Bachelor's degree and a minimum of 6 years of related experience, or an equivalent combination of education and experience.
Wide-ranging expertise integrating diverse information/directory systems with homegrown solutions; versed in scripting new and existing solutions.
Knowledge and experience with directory services such as OpenLDAP and Active Directory.
Knowledge and experience with Docker containers.
Understanding of multifactor authentication with OATH OTP tokens.
Hands-on experience with web single sign-on solutions, especially SAML and OpenID Connect, with specific experience with the Shibboleth Identity Provider.
Experience with the deployment and support of web servers and web services, such as Apache httpd, Apache Tomcat, Jetty, and NodeJS with Express.
Deep understanding of web protocols, especially web session handling.
Working knowledge of relational database management systems such as Oracle, MS SQL Server, and MySQL.
Previous experience in a research environment or a customer service delivery organization is desirable.
Understanding of U2F/WebAuthn/FIDO2 and PKI/smart cards.
Understanding of InCommon's Grouper access management.
This is a full-time, career appointment, exempt (monthly paid) from overtime pay.
This position will be hired at a level commensurate with the business needs and the skills, knowledge, and abilities of the successful candidate.
This position may be subject to a background check. Any convictions will be evaluated to determine if they directly relate to the responsibilities and requirements of the position. Having a conviction history will not automatically disqualify an applicant from being considered for employment.
Work may be performed in on-site, hybrid, full-time telework, or remote modes.
Based on University of California Policy - SARS-CoV-2 (COVID-19) Vaccination Program and U.S. Federal Government requirements, Berkeley Lab requires that all members of our community obtain the COVID-19 vaccine as soon as they are eligible. As a condition of employment at Berkeley Lab, all Covered Individuals must Participate in the COVID-19 Vaccination Program by providing proof that vaccination requirements have been met or submitting a request for Exception or Deferral. Visit covid.lbl.gov for more information.
Berkeley Lab is committed to Inclusion, Diversity, Equity and Accountability (IDEA) and strives to continue building community with these shared values and commitments. Berkeley Lab is an Equal Opportunity and Affirmative Action Employer. We heartily welcome applications from women, minorities, veterans, and all who would contribute to the Lab's mission of leading scientific discovery, inclusion, and professionalism. In support of our diverse global community, all qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or protected veteran status.
In the world of science, Lawrence Berkeley National Laboratory (Berkeley Lab) is synonymous with excellence. Thirteen scientists associated with Berkeley Lab have won the Nobel Prize. Fifty-seven Lab scientists are members of the National Academy of Sciences (NAS), one of the highest honors for a scientist in the United States. Thirteen of our scientists have won the National Medal of Science, our nation's highest award for lifetime achievement in fields of scientific research. Eighteen of our engineers have been elected to the National Academy of Engineering, and three of our scientists have been elected into the Institute of Medicine. In addition, Berkeley Lab has trained thousands of university science and engineering students who are advancing technological innovations across the nation and around the world.
Berkeley Lab is a member of the national laboratory system supported by the U.S. Department of Energy through its Office of Science. It is managed by the University of California (UC) and is charged with conducting unclassified research across a wide range of scientific disciplines. Located on a 200-acre site in the hills above the UC Berkeley campus that offers spectacular views of the San Francisco Bay, Berkeley Lab employs approximately 4,200 scientists, engineers, support staff and students. Its budget for 2011 is $735 million, with an additional $101 million in funding from the American Recovery and Reinvestment Act, for a total of $836 million. A recent study estimates the Laboratory's overall economic impact through direct, indirect and induced spending on the nine counties that make up the San Francisco Bay Area to be nearly $700 million annually. The Lab was also responsible for creating 5,600 jobs locally and 12,000 nationally. The overall economic impact on the national economy is estimated at $1.6 billion a year. Technologies developed at Berkeley Lab have generated billions of dollars in revenues, and thousands of jobs. Savings as a result of Berkeley Lab developments in lighting and windows, and other energy-efficient technologies, have also been in the billions of dollars.
Berkeley Lab was founded in 1931 by Ernest Orlando Lawrence, a UC Berkeley physicist who won the 1939 Nobel Prize in physics for his invention of the cyclotron, a circular particle accelerator that opened the door to high-energy physics. It was Lawrence's belief that scientific research is best done through teams of individuals with different fields of expertise, working together. His teamwork concept is a Berkeley Lab legacy that continues today.