Identity Services Engineer
Job in: Charlottesville, Albemarle County, Virginia, 22901, USA
Listed on: 2026-05-20
Listing for: University of Virginia
Full Time position
Job specializations:
* IT/Tech: Cybersecurity, Systems Engineer
Identity Services Engineer
Department Overview
The Identity Services team within the University of Virginia (UVA) Information Technology Services (ITS) designs, operates, and evolves the University's core identity and access management (IAM) ecosystem. These services provide the foundation for secure authentication, authorization, and access governance across UVA's academic, research, and administrative systems, supporting the University's mission of teaching, research, and public service.
Identity Services operates in a complex higher-education environment that emphasizes federated trust, shared governance, and community-driven standards. Our work aligns closely with Internet2 and InCommon best practices to deliver scalable, sustainable identity solutions.
Position Summary
The University of Virginia seeks an Identity Services Engineer to serve as a senior individual contributor within the Identity Services team. This role is critical to the secure operation, integration, and continuous improvement of UVA's enterprise IAM platforms.
The Identity Services Engineer provides deep, hands-on technical expertise across identity governance, authentication, authorization, and access lifecycle services. This position is well-suited for an experienced IAM practitioner who values technical ownership, operational excellence, and alignment with higher-education IAM architectures, without expectations of people management.
Responsibilities
Identity & Access Management Engineering
* Design, configure, customize, and support enterprise IAM platforms, including Grouper, Fischer Identity, Shibboleth Identity Provider, and Delinea PAM.
* Implement and maintain group- and attribute-based access models (RBAC, ABAC, PBAC) that support institutional policy, delegated administration, and least-privilege access.
* Serve as a senior technical contributor for Grouper, including attestation workflows, GSH templates, ABAC implementations, and integration patterns.
* Support identity governance and lifecycle processes using Fischer Identity, including integrations with authoritative sources and downstream systems.
* Operate and troubleshoot federated authentication and single sign-on services using SAML, OIDC, and OAuth2, aligned with InCommon trust frameworks.
* Integrate IAM services with LDAP registries, Active Directory, databases, and enterprise applications.
Security, Compliance, & Operations
* Support and integrate privileged access management workflows using Delinea.
* Diagnose and resolve complex IAM issues spanning directories, authentication flows, access policies, and application integrations.
* Contribute to secure-by-design IAM architectures that support regulatory and contractual requirements, including FERPA, HIPAA, PCI-DSS, and research data protections.
Collaboration & Service Integration
* Partner with application teams, infrastructure groups, and security stakeholders to onboard services and improve access consistency.
* Contribute to testing, change management, and promotion of updates across development, QA, and production environments.
* Maintain clear technical documentation for configurations, customizations, and operational procedures.
* Participate in a shared on-call rotation, supported by strong documentation and team practices.
Minimum Qualifications
* Five or more years of professional experience supporting or engineering identity and access management systems.
* Hands-on experience with one or more IAM platforms commonly used in higher education, such as Grouper, Shibboleth, Fischer Identity, or Microsoft Entra.
* Strong understanding of IAM concepts, including authentication, authorization, access lifecycle management, and identity governance.
* Experience working with LDAP directories and/or Active Directory in production environments.
* Proficiency with Linux-based systems and the ability to troubleshoot integrated, distributed services.
Preferred Qualifications
* Familiarity with the InCommon Trusted Access Platform (TAP) and community-driven IAM architectures, including meaningful hands-on experience with Grouper and Shibboleth.
* Experience operating federated identity services in a research or…