Cloud Engineer
Princeton University
- Princeton, NJ
- Permanent
- Full-time
- Interpret requirements, recommend solutions, configure software, and write code to manage and maintain secure cloud identity services.
- Develop, configure, maintain, and administer enterprise cloud identity and security systems including Azure AD, single sign-on, multi-factor authentication, role- and attribute-based access controls, conditional access policies, secrets management, and others.
- Develop and maintain continuous integration/deployment pipelines, container orchestration, script-based automation, and software solutions to support cloud identity services and applications as required.
- Provide advice, consultation, training, and tooling to campus partners wishing to take advantage of the cloud identity services enumerated above.
- Serve as a primary subject matter expert for one or more of the following technologies:
- Microsoft Azure AD/Entra ID.
- Single Sign-On/Identity Federation services including SAML2, OpenID Connect, OAuth, social login, and others.
- Conditional Access Policy configuration and management.
- Attribute-Based Access Control using groups.
- DevOps pipelines, Infrastructure-as-Code, secrets management, configuration management tools, container orchestration, and related technologies.
- Scripting and automation.
- Monitoring and alerting.
- Migrate identity and access management use cases from legacy, on-premises applications/services into cloud services.
- Utilize continuous integration/deployment pipelines to manage software configurations, deploy and update applications, and deliver security patches to IAM applications in cloud services.
- Lead and sustain cultural change for agile DevSecOps practices including automated security testing, auditing, monitoring, attribute- and role-based access control, secrets management, and security by design.
- Mentor and coach team members to develop their knowledge and technical skills in cloud identity security, process automation, infrastructure as code, access management, and identity governance.
- Maintain and share knowledge of new and developing technologies and industry standards related to cloud migrations and operations, identity security, security operations, security engineering, software development security, and others as required.
- Document code and configurations.
- Respond to requests and incidents raised in the IT Service Management system.
- Participate in after-hours on-call rotation.
- Ensure services and systems are reliably monitored for security and performance.
- Ensure compliance with asset, change, incident, and problem management policies.
- Acquire and maintain relevant certifications.
- Maintain knowledge of modern application development best practices.
- Keep pace with industry trends, new developments, and changing standards and requirements.
- 5 years of application, systems, or service development and operations experience, with at least 3 years of experience with cloud services including identity management. Preference given to MS Azure AD/Entra ID experience.
- Solid understanding of security best practices and related concepts such as the CIA triad, defense-in-depth, least privilege, etc.
- Ability to successfully lead implementation efforts and projects.
- Strong collaboration and teamwork in the pursuit of operational excellence.
- Interest in learning new and developing technologies and industry standards and sharing that knowledge with peers and stakeholders.
- Ability to interpret technical requirements and research, evaluate, and recommend technical solutions.
- Education: Bachelor’s degree, or equivalent related work experience.
- Experience designing and configuring infrastructure to meet application requirements.
- Security and vendor certifications such as Security+, CCSP, Microsoft AZ-500, or similar.
- Skill in leading training sessions, teaching new skills, and transferring knowledge to others.
- Familiarity with IT service management (ITIL certification preferred).
- In-depth scripting knowledge, preferably using PowerShell, Azure CLI, and/or Bicep.
- Experience with cloud development concepts such as container orchestration, Infrastructure as Code, source control, and/or integrated development environments.
- Excellent written and oral communication skills, including experience writing and maintaining documentation.
- Initiative and the ability to work with minimal supervision.
- Ability to share responsibility for off-hours service outage support.
- Experience with ITSM systems such as ServiceNow.