Identity, Credential, and Access Management (ICAM) Systems Engin with Security Clearance - Now Hiring

Requisition Id 10431 Purpose: The Information Technology Services Division in the Business Services Directorate at the Oak Ridge National Laboratory is seeking qualified applicants for an Identity, Credential, and Access Management (ICAM) Systems Engineer position in the Platform Services Group. This group is responsible for the access and authentication infrastructure required to support 10,000 Windows, Mac and Linux desktops, laptops, servers, and applications. The successful candidate will have a strong understanding of federated identity, authentication and authorization technologies, ideally including SAML, Kerberos, Active Directory, LDAP, OAuth, and OpenID-Connect. Major Duties/Responsibilities: Primary duties will include: * Serve as a Subject Matter Expert (SME) for ORNL's enterprise access and authentication infrastructure.
* Collaborate with other SMEs to ensure the reliable, effective, and secure operation of ORNL's IT systems.
* Contribute to the development of solution and enterprise architecture involving authentication, particularly federated identity and single sign on.
* Serve as one of ORNL's InCommon Federation Site Administrators.
* Manage the operation of ORNL's Federated Identity, Authentication, and Authorization infrastructure.
* Provide design and operational support for SAML, WS-Federation, OAuth, OpenID-Connect, JSON Web Token, and Open Token authentication systems based on Ping Federate, including integration of these systems to back-end directory services.
* Perform monitoring and troubleshooting tasks.
* Configure and manage identity provider and service provider connections.
* Develop tools for automation for routine administrative and monitoring tasks.
* Manage the operation of LDAP infrastructure systems using OpenLDAP.
* Manage the operation of ORNL's SecurID infrastructure.
* Serve as a key SME for ORNL's Public Key Infrastructure (PKI), particularly as it relates to X.509 certificates for client authentication.
* Deliver ORNL's mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service. Promote diversity, equity, inclusion, and accessibility by fostering a respectful workplace - in how we treat one another, work together, and measure success. Required Qualifications: * Bachelors degree in an information technology-related field plus eight (8) years of relevant work experience. An equivalent combination of education and experience may be considered.
* Experience with authentication technologies (i.e. Active Directory) and concepts. Must possess a strong desire to learn federated identity management technologies (i.e. SAML).
* Significant experience scripting in both Linux and Windows environments.
* Experience using data analysis (such as from logs), monitoring, and automation to improve operational excellence, reduce operational labor, and improve the overall security posture.
* Excellent interpersonal skills suitable for user support and ability to work well with peers.
* Experience in an environment requiring change control processes.
* Demonstrated ability to perform job tasks while considering cyber security risk of those tasks, and consulting with security professionals when necessary. Desired Qualifications: * A minimum of 2 years of experience with authentication and authorization technologies in an environment with a scale comparable to ORNL, specifically including experience with the use of Kerberos, SAML, and OAuth for authentication. Experience with Ping Federate is particularly desired.
* Demonstrated ability to work in a dynamic environment and translate user needs into actionable project plans and see those plans through execution while balancing needs for short-term, high-priority tasks.
* Demonstrated effective written and verbal communication skills.
* Ability to work in a group and independently.
* Ability to time manage and prioritize projects.
* Effective documentation skills.
* Demonstrated analytical and problem-solving skills.
* Strong commitment to ethical and professional values.Experience working with federated identity management infrastructure, including the configuration and management of SAML- and OAuth-based identity provider and service provider connections
* Experience in deploying and managing Public Key Infrastructure technologies, particularly including Microsoft PKI tools
* Strong knowledge of multiple operating systems
* Experience with Devops and with configuration management tools, with Ansible particularly preferred
* Advanced understanding of Microsoft server technologies specific to domain controllers, and all AD associated services such as ADFS, DNS, DHCP, DFS and GP
* Previous experience working in a government, scientific, or other highly technical environment Special Requirements: * Visa Sponsorship:Visa sponsorship is not available for this position. * Q clearance: This position requires the ability to obtain and maintain a clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse (WSAP) testing designated position. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program. #LI-KC1 This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired. We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment. If you have trouble applying for a position, please email . ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply. UT-Battelle is an E-Verify employer.