Senior IAM Engineer
Company: ITR
Location: Oak Ridge
Posted on: February 16, 2026
Job Description:
Sr Identity and Access Management Engineer for American Science Cloud (AmSC)

Experience level: Senior
Work location: remote

Project Overview: American Science Cloud - A Platform for Transformative Science

AmSC is a secure, federated, and science-optimized cloud environment that
integrates the DOE’s world-leading computing and experimental facilities,
data resources, and high-performance networks. The AmSC platform enables DOE
scientists to create, access, and integrate world-class AI-ready datasets,
run scalable model training on leadership-class systems, perform distributed
simulations, control instruments, and move data efficiently across sites.
The project is a multi-Lab and Public-Private Partnership endeavor, working
in tandem with the Models Consortium (ModCon), which will deploy
transformative AI models and services to the platform. Key DOE capabilities,
such as the Frontier (ORNL), Aurora (ANL), Perlmutter (NERSC, at LBL),
Energy Services Network (ESnet, at LBL), and the High Performance Data
Facility (HPDF, at JLab) will be directly integrated, allowing multi-site
workflows.

The Team:

As an Identity and Access Management Engineer you will work within the L2
Infrastructure Services group of AmSC to support identity management
solution architecture, deployment and administration on our multi-cloud
central hub infrastructure. The AmSC identity infrastructure supports teams
from many different DOE labs and locations deploying a variety of AI and HPC
services both on-prem and in cloud environments. Your primary
responsibilities will be to design and build an Identity Management platform
and federation hub that promote collaboration within the AmSC, enabling
researchers to seamlessly leverage AmSC infrastructure and services for
their projects. You will be one of the first full-time AmSC staff members,
and this presents a unique opportunity to build something new and exciting.

Major Duties/Responsibilities:

- Lead the architecture, development and implementation of an Identity and
  Access Management platform using the Ping suite of products.
- Contribute to workflow design and API development, and collaborate with
  application developers and owners to establish robust integrations.
- Plan, execute and document application onboarding of a diverse and growing
  application set.
- Collaborate with IAM personnel from other organizations to design, build
  and administer a federation hub, allowing users to access resources at any
  participating facility.
- Build out and enable ABAC, RBAC, least privilege access and other common
  IAM standards.
- Deploy, configure and support identity and access management services such
  as single sign on (SSO), OAuth, MFA, zero trust, etc.
- Lead incident response, providing advanced troubleshooting and building
  out monitoring and alerting systems.
- Define and implement KPIs and processes, and drive continuous improvement.
- Participate in on-call rotation providing 24-hour, 7-day support and
  off-hours maintenance windows.
- Coordinate with vendors to resolve hardware and software problems.
- Deliver AmSC’s mission by aligning behaviors, priorities, and interactions
  with our core values of Impact, Integrity, Teamwork, Safety, and Service.
- Promote diversity, equity, inclusion, and accessibility by fostering a
  respectful workplace – in how we treat one another, work together, and
  measure success.

Basic Qualifications:

- Bachelor’s Degree in computer science or closely related field and a
  minimum of 5 years of experience as an Identity and Access Management
  engineer. An equivalent combination of education and experience may be
  considered.

Preferred Qualifications:

- Extensive experience in Identity and Access Management supporting SSO,
  OAuth, MFA, and API development.
- Excellent interpersonal/communication skills, and the ability to work as
  part of a team.
- Proven track record leading and driving the delivery of large, complex IAM
  projects.
- Strong experience with the Ping suite of IAM products, bonus points for
  Ping Government Identity Cloud experience.
- Extensive experience with web authentication implementation such as SAML,
  OAuth, API-token, REST, etc.
- Experience in directory services and directory structure, specifically
  using LDAP and/or PingDirectory.
- Experience implementing RBAC and ABAC in complex enterprise environments.
- Strong experience in identity federation design and implementation using
  standards like OIDC and SAML to manage user identities across disparate
  systems.
- Experience with automation and scripting (Python, etc.) for IAM tasks.
- Working knowledge of cloud application architecture patterns and a
  thorough grasp of common products and managed services for at least one
  Cloud Service Provider (e.g. AWS).
- Working knowledge of Unix system fundamentals and common network
  protocols.
- Solid understanding of cloud computing networking concepts.
- Ability to proactively identify performance issues, problems, and areas
  for improvement.
- Ability to identify requirements and to define, plan, and implement
  requisite solutions.
- An understanding of code review and familiarity with tools like GitHub and
  GitLab.
- Experience using tools such as Nagios, Grafana and Prometheus to monitor
  systems and metrics and create dashboards.

Special Requirement:

This position requires the ability to obtain and maintain a federal public
trust clearance from the U.S. government. As such, this position is a
Workplace Substance Abuse Program (WSAP) testing designated position which
requires passing a pre-placement drug test and participation in an ongoing
random drug testing program in which employees are subject to being randomly
selected for testing. The occupant of this position will also be subject to
an ongoing requirement to report to ORNL/AmSC any drug-related arrest or
conviction or receipt of a positive drug test result.
Keywords: ITR, Cleveland, Senior IAM Engineer, IT / Software / Systems, Oak Ridge, Tennessee