Job DescriptionWe have an opening for an
Access Management (AM) Administrator to support both PingAM and Active Directory Federated Services (ADFS) access management solutions in a private cloud environment. This role is responsible for maintaining the existing PingAM stack while assisting with the integration and adoption of ADFS as the new solution. Collaboration with cross-functional teams will be essential to implement and support identity and access management solutions, contribute to the modernization of infrastructure, and address technical challenges as they arise. This position is in the IT Solutions (ITS) Division within the Computing Directorate, supporting the NNSA Enterprise Secure Network (ESN) program.
This position may offer a hybrid schedule, which includes the flexibility to work from home one or more days per week, after a probationary period. The specifics of the hybrid schedule, including the exact number of days required in the office and virtual work options, may vary based on the needs of the team and the organization.
This position will be filled at either level based on knowledge and related experience as assessed by the hiring team. Additional job responsibilities (outlined below) will be assigned if hired at the higher level.
You will- Design, implement, and maintain tailored Access Management solutions using PingAM and ADFS.
- Collaborate with cross-site teams to integrate PingAM and ADFS into diverse systems and applications, leveraging expertise in SAML, OAuth2 and OIDC.
- Develop and implement strategies for single sign-on (SSO) and access management.
- Ensure high availability and disaster recovery capabilities for PingAM Services
- Leverage orchestration/automation utilities (e.g. Gitlab, Amster, Ansible, etc.) to standardize configurations, support patching, and support upgrades across multiple sites.
- Provide systems administration support in both Linux and Windows environments, ensuring proper security compliance, patch level, and adherence to our configuration management standards.
- Enforce security and systems administration policy requirements such as vulnerability remediation, and system build standards.
- Perform other duties as assigned.
Additional job responsibilities, at the SES.2 level - Manage multiple advanced parallel tasks and priorities of customers and stakeholders to ensure deadlines are met, while leveraging other team members' skills.
- Apply technical expertise to solve complex technical problems and develop solutions using judgment in determining methods, techniques, and evaluation criteria.
- Develop tools and procedures to facilitate automation efforts as well as cross-platform/environment monitoring solutions both on-premise and using various cloud providers.
Qualifications- Ability to secure and maintain a U.S. DOE Q-level security clearance which requires U.S. citizenship.
- Bachelor's degree in Computer Science, or related field; or the equivalent combination of education and related work experience.
- Fundamental experience in operationally managing application authentication software such as PingAM, PingDS or ADFS
- Basic understanding of software security fundamentals such as SSL certificates, group-based access control, role-based access control, firewalls & network security.
- Experience administering Linux and Windows operating systems using command line tools, including performing routine system wellness checks, accessing remote servers, reviewing error logs, and basic troubleshooting.
- Fundamental experience with authentication and authorization protocols (SAML2, OIDC, OAuth2).
- Strong analytical skills for troubleshooting and analyzing complex systems and networks.
- Excellent verbal and written communication skills necessary to effectively collaborate in a team environment and present and explain technical information.
Additional qualifications at the SES.2 level- Broad experience in operationally managing application authentication software, ensuring compliance with stringent Support Level Agreements that demand high availability.
- Comprehensive knowledge of access management services and Linux or Windows operating systems administration. This includes tasks such as layered product installation and configuration, performance tuning, networking, security policy enforcement, troubleshooting, monitoring, backup/archiving, and hardware management.
- Broad experience with cloud providers such as Amazon Web Services, Azure or Google Cloud Platform. Proficient understanding of topics such as virtual private clouds, scalability, high availability, containerization, and orchestration tools.
Pay RangePay Range
$121,830 - $185,544 Annually
$121,830 - $154,500 Annually for the SES.1 level
$146,340 - $185,544 Annually for the SES.2 level
This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting; pay will not be below any applicable local minimum wage. An employee's position within the salary range will be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, and business or organizational needs.
Additional Information#LI-Hybrid
Position InformationThis is a Career Indefinite position, open to Lab employees and external candidates.
