Cloud Engineer

Princeton University

  • Princeton, NJ
  • Permanent
  • Full-time
  • 1 month ago
Overview

Are you looking for a job with a mission you can believe in? Does learning, applying, and sharing new information security skills excite you? Does a work culture based on collaboration and collegiality sound appealing? Princeton University is looking for you!

The Cloud Identity Engineer will develop, deploy, and operate cloud identity security services in support of the mission of Princeton University. Under the direction of the Associate Director for Identity and Access Management, the Engineer will help evaluate, implement, and configure cloud-based solutions for identity security services including account lifecycle management, authentication and authorization, conditional access, zero-trust enforcement, identity governance, and access management. The Engineer will collaborate with campus partners to develop and implement solutions intended to secure the data and intellectual property of the University and to protect the security and privacy of faculty, staff, students, and affiliates. The Engineer will work with IAM team members, application developers, system administrators, and cloud engineers to implement secure and cost-effective designs. The Engineer will help produce standard, repeatable, and auditable processes. The Engineer will investigate new technologies and standards and will make recommendations on their adoption. The Engineer will document processes, policies, and technical designs so that coworkers clearly understand how to operate and support cloud identity services. The Engineer will conduct troubleshooting, incident response, and customer service activities as required.

Responsibilities

Cloud Identity Engineering:
  • Interpret requirements, recommend solutions, configure software, and write code to manage and maintain secure cloud identity services.
  • Develop, configure, maintain, and administer enterprise cloud identity and security systems including Azure AD, single sign-on, multi-factor authentication, role- and attribute-based access controls, conditional access policies, secrets management, and others.
  • Develop and maintain continuous integration/deployment pipelines, container orchestration, script-based automation, and software solutions to support cloud identity services and applications as required.
  • Provide advice, consultation, training, and tooling to campus partners wishing to take advantage of the cloud identity services enumerated above.
Operations Engineering:
  • Serve as a primary subject matter expert for one or more of the following technologies:
      • Microsoft Azure AD/Entra ID.
      • Single Sign-On/Identity Federation services including SAML2, OpenID Connect, OAuth, social login, and others.
      • Conditional Access Policy configuration and management.
      • Attribute-Based Access Control using groups.
      • DevOps pipelines, Infrastructure-as-Code, secrets management, configuration management tools, container orchestration, and related technologies.
      • Scripting and automation.
      • Monitoring and alerting.
  • Migrate identity and access management use cases from legacy, on-premises applications/services into cloud services.
  • Utilize continuous integration/deployment pipelines to manage software configurations, deploy and update applications, and deliver security patches to IAM applications in cloud services.
DevSecOps Strategy and Adoption:
  • Lead and sustain cultural change for agile DevSecOps practices including automated security testing, auditing, monitoring, attribute- and role-based access control, secrets management, and security by design.
Mentoring and Knowledge Sharing:
  • Mentor and coach team members to develop their knowledge and technical skills in cloud identity security, process automation, infrastructure as code, access management, and identity governance.
  • Maintain and share knowledge of new and developing technologies and industry standards related to cloud migrations and operations, identity security, security operations, security engineering, software development security and others as required.
Operational Support:
  • Document code and configurations.
  • Respond to requests and incidents raised in the IT Service Management system.
  • Participate in after-hours on-call rotation.
  • Ensure services and systems are reliably monitored for security and performance.
  • Ensure compliance with asset, change, incident, and problem management policies.
Professional Development:
  • Acquire and maintain relevant certifications.
  • Maintain knowledge of modern application development best practices.
  • Keep pace with industry trends, new developments, and changing standards and requirements.
Qualifications

Essential Qualifications
  • 5 years of application, systems, or service development and operations experience, with at least 3 years of experience with cloud services including identity management. Preference given to MS Azure AD/Entra ID experience.
  • Solid understanding of security best practices and related concepts such as the CIA triad, defense-in-depth, least privilege, etc.
  • Ability to successfully lead implementation efforts and projects.
  • Strong collaboration and teamwork in the pursuit of operational excellence.
  • Interest in learning new and developing technologies and industry standards and sharing that knowledge with peers and stakeholders.
  • Ability to interpret technical requirements and research, evaluate, and recommend technical solutions.
  • Education: Bachelor’s degree, or equivalent related work experience.
Preferred Qualifications
  • Experience designing and configuring infrastructure to meet application requirements.
  • Security and vendor certifications such as Security+, CCSP, Microsoft AZ-500 or similar.
  • Skill in leading training sessions, teaching new skills, and transferring knowledge to others.
  • Familiarity with IT service management (ITIL certification preferred)
  • In-depth scripting knowledge, preferably using PowerShell, Azure CLI, and/or Bicep.
  • Experience with cloud development concepts such as container orchestration, Infrastructure as Code, source control, and/or integrated development environments.
  • Excellent written and oral communication skills, including experience writing and maintaining documentation.
  • Initiative and the ability to work with minimal supervision.
  • Ability to share responsibility for off-hours service outage support.
  • Experience with ITSM systems such as ServiceNow.
Princeton University is an and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law.

  • Standard Weekly Hours: 36.25
  • Eligible for Overtime: No
  • Benefits Eligible: Yes
  • Probationary Period: 180 days
  • Essential Services Personnel (see policy for detail): No
  • Physical Capacity Exam Required: No
  • Valid Driver's License Required: No
  • Experience Level: Mid-Senior Level
