ClevelandTNRecruiter Since 2001
the smart solution for Cleveland jobs

Senior IAM Engineer

Company: ITR
Location: Oak Ridge
Posted on: February 16, 2026

Job Description:

Job Description Job Description Sr Identity and Access Management Engineer for American Science Cloud (AmSC) Experience level: Senior Work location: remote Project Overview: American Science Cloud - A Platform for Transformative Science AmSC is a secure, federated, and science-optimized cloud environment that integrates the DOE’s world-leading computing and experimental facilities, data resources, and high-performance networks The AmSC platform enables DOE scientists to create, access, and integrate world-class AI-ready datasets, run scalable model training on leadership-class systems, perform distributed simulations, control instruments, and move data efficiently across sites. The project is a multi-Lab and Public-Private Partnership endeavor, working in tandem with the Models Consortium (ModCon) who will deploy transformative AI models and services to the platform. Key DOE capabilities, such as the Frontier (ORNL), Aurora (ANL), Perlmutter (NERSC, at LBL), Energy Services Network (ESnet, at LBL), and the High Performance Data Facility (HPDF, at JLab) will be directly integrated, allowing multi-site workflows. The Team: As an Identity and Access Management Engineer you will work within the L2 Infrastructure Services group of AmSC to support identity management solution architecture, deployment and administration on our multi-cloud central hub infrastructure. The AmSC identity infrastructure supports teams from many different DOE labs and locations deploying a variety of AI and HPC services both on prem and in cloud environments. Your primary responsibilities will be to design and build an Identity Management platform and federation hub that promote collaboration within the AmSC, enabling researches to seamlessly leverage AmSC infrastructure and services for their projects. You will be one of the first full-time AmSC staff members, and this presents a unique opportunity to build something new and exciting. Major Duties/Responsibilities: Lead the architecture, development and implementation of an Identity and Access Management platform using the Ping suite of products Contribute to workflow design, API development, and collaborate with application developers and owners to establish robust integrations Plan, execute and document application onboarding of a diverse and growing application set Collaborate with IAM personnel from other organizations to design, build and administer a federation hub, allowing users to access resources at any participating facility Build out and enable ABAC, RBAC, least privilege access and other common IAM standards Deploy, configure and support identity and access management services such as single sign on (SSO), OAuth, MFA, zero trust, etc…. Lead incident response, providing advanced troubleshooting and building out of monitoring and alerting systems Define and implement define KPIs, processes and drive continuous improvement. Participate in on-call rotation providing 24-hour, 7-day support and off-hours maintenance windows. Coordinate with vendors to resolve hardware and software problems. Deliver AmSC’s mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service. Promote diversity, equity, inclusion, and accessibility by fostering a respectful workplace – in how we treat one another, work together, and measure success. Basic Qualifications: Bachelor’s Degree in computer science or closely related field and a minimum of 5 years of experience as an Identity and Access Management engineer. An equivalent combination of education and experience may be considered. Preferred Qualifications: Extensive experience in Identity and Access Management supporting SSO, OAuth, MFA, and API development Excellent interpersonal/communication skills, and the ability to work as part of a team. Proven track record leading and driving the delivery of large, complex IAM projects Strong experience with the Ping suite of IAM products, bonus points for Ping Government Identity Cloud experience Extensive experience with web authentication implementation such as SAML, OAuth, API-token, REST, etc…. Experience in directory services and directory structure, specifically using LDAP and/or PingDirectory Experience implementing RBAC and ABAC in complex enterprise environments Strong experience in identity federation design and implementation using standards like OIDC and SAML to manage user identities across disparate systems Experience with Automation and scripting (Python, etc…) for IAM tasks Working knowledge of cloud application architecture patterns and a thorough grasp of common products and managed services for at least one Cloud Service Provider (e.g. AWS) Working knowledge of Unix system fundamentals and common network protocols. Solid understanding of cloud computing networking concepts. Ability to proactively identify performance issues, problems, and areas for improvement. Ability to identify requirements and to define, plan, and implement requisite solutions. An understanding of code review and familiarity with tools like GitHub and GitLab Experience using tools such as Nagios, Grafana and Prometheus to monitor systems, metrics, and create dashboards. Special Requirement: This position requires the ability to obtain and maintain a federal public trust clearance from the U.S. government. As such, this position is a Workplace Substance Abuse program (WSAP) testing designed position which requires passing a pre-placement drug test and participation in an ongoing random drug testing program in which employees are subject to being randomly selected for testing. The occupant of this position will also be subject to an ongoing requirement to report to ORNL/AmSC any drug-related arrest or conviction or receipt of a positive drug test result.

Keywords: ITR, Cleveland , Senior IAM Engineer, IT / Software / Systems , Oak Ridge, Tennessee


Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Get the latest Tennessee jobs by following @recnetTN on Twitter!

Cleveland RSS job feeds