University of Virginia · 17 hours ago
Identity Services Engineer
Charlottesville, VA
Full-time
Hybrid
Senior Level
5+ years expThe University of Virginia is a highly ranked public university with a strong culture of collaboration, innovation, and public service. They are seeking an Identity Services Engineer to serve as a senior individual contributor within the Identity Services team, responsible for the secure operation, integration, and continuous improvement of UVA’s enterprise IAM platforms.
Higher Education
No H1B
Responsibilities
Design, configure, customize, and support enterprise IAM platforms, including Grouper, Fischer Identity, Shibboleth Identity Provider, and Delinea PAM
Implement and maintain group- and attribute-based access models (RBAC, ABAC, PBAC) that support institutional policy, delegated administration, and least-privilege access
Serve as a senior technical contributor for Grouper, including attestation workflows, GSH templates, ABAC implementations, and integration patterns
Support identity governance and lifecycle processes using Fischer Identity, including integrations with authoritative sources and downstream systems
Operate and troubleshoot federated authentication and single sign-on services using SAML, OIDC, and OAuth2, aligned with InCommon trust frameworks
Integrate IAM services with LDAP registries, Active Directory, databases, and enterprise applications
Support and integrate privileged access management workflows using Delinea
Diagnose and resolve complex IAM issues spanning directories, authentication flows, access policies, and application integrations
Contribute to secure-by-design IAM architectures that support regulatory and contractual requirements, including FERPA, HIPAA, PCI-DSS, and research data protections
Partner with application teams, infrastructure groups, and security stakeholders to onboard services and improve access consistency
Contribute to testing, change management, and promotion of updates across development, QA, and production environments
Maintain clear technical documentation for configurations, customizations, and operational procedures
Participate in a shared on-call rotation, supported by strong documentation and team practices
Qualification
Required
Five or more years of professional experience supporting or engineering identity and access management systems
Hands-on experience with one or more IAM platforms commonly used in higher education, such as Grouper, Shibboleth, Fischer Identity, or Microsoft Entra ID
Strong understanding of IAM concepts, including authentication, authorization, access lifecycle management, and identity governance
Experience working with LDAP directories and/or Active Directory in production environments
Proficiency with Linux-based systems and the ability to troubleshoot integrated, distributed services
Ability to independently analyze and resolve complex technical problems
Strong written and verbal communication skills, particularly for documenting systems and collaborating across teams
Preferred
Familiarity with the InCommon Trusted Access Platform (TAP) and community-driven IAM architectures, including meaningful hands-on experience with Grouper and Shibboleth
Experience operating federated identity services in a research or academic context
Experience integrating IAM platforms with ERP, LMS, research, or administrative systems
Exposure to containerized deployments such as Docker Swarm or Kubernetes
Experience with CI/CD pipelines or configuration-as-code approaches
Experience with privileged access management tools or workflows
Identity-related certifications (e.g., IDPro, IMI) or active participation in the higher-education IAM community
Company
University of Virginia
The University of Virginia was founded in 1819 as the model for modern universities that has since been emulated all over the world.
10001+ employees
Funding
Current Stage
Late StageLeadership Team
Greg Fairchild
Dean and CEO, UVA|Northern Virginia
Luis Alvarez
President and CEO
Recent News
The Republic Reporter
2024-02-29
Company data provided by crunchbase