Identity Management Engineer

Job title: Identity Management Engineer

Company: Berkeley Lab

Job description: Lawrence Berkeley National Laboratory’s (LBNL) Information Technology Division is hiring for an experienced Identity Management Engineer. As a member of the IT Collaboration Services Group, this position will provide support for Berkeley Lab’s institutional Identity Management Service (IDM). This includes monitoring, developing, documenting, and maintaining the performance of complex systems and creating scripts and applications to support operation. This position will work with our existing IDM architect and other members of the Collaboration Services Group and apply wide-ranging expertise to help build our capabilities to enable enterprise security and scientific collaboration using a combination of tools and technologies. Day to day responsibilities will include helping manage systems and services from our own on-premises infrastructure; operating our growing array of cloud services, including IaaS, PaaS, and SaaS solutions; and working with scientific and enterprise groups across the Laboratory to implement identity solutions for their services.

What You Will Do:

  • Keep existing software, services, and operating systems up-to-date and running with high availability. Our systems provide access to and support virtually every business and collaboration system at the Laboratory, including our financial, HR, and Google Workspace services.
  • Collaborate with members of the Laboratory community directly and with their vendors to integrate our identities with their applications.
  • Develop, enhance, and customize custom-developed and third-party software used in our environment.
  • Continue the migration of our existing application base from standalone processes and Docker containers to container orchestration solutions.
  • Work with the cybersecurity team to ensure that our identity solutions are enhancing the security of Laboratory systems and services.
  • Evangelize identity management services throughout the Laboratory community by demonstrating technical competence in these areas and providing excellent customer service.
  • Participate in the conception, planning, implementation, and support of new services and capabilities.
  • Provide tier II support for LBNL’s Google Workspace services by interfacing with Google support for technical issue resolution.
  • Work on and resolve complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
  • Determine methods and procedures on new assignments and may coordinate activities of other personnel.

What is Required:

  • Bachelor’s degree and a minimum of 8 years of related experience or an equivalent combination of education and experience.
  • Wide-ranging expertise integrating diverse information/directory systems with homegrown solutions; well-versed in scripting from whole-cloth as well as extending existing solutions.
  • Experience with the deployment and support of web servers and web services, such as Apache httpd, Apache Tomcat, Jetty, and NodeJS with Express.
  • Hands-on experience with web single sign-on solutions, especially SAML and OpenID Connect, with specific experience with the Shibboleth Identity Provider.
  • Broad exposure to programming languages in a DevOps setting, including Javascript/NodeJS, Perl, Python, Java and Go.
  • Knowledge and experience with directory services such as OpenLDAP and Active Directory.
  • Understanding of multifactor authentication with OATH OTP tokens, U2F/WebAuthn/FIDO2, and PKI/smart cards.
  • Deep understanding of web protocols, especially web session handling.
  • Working knowledge of relational database management systems such as Oracle, MS SQL Server, and MySQL.
  • Ability to network and collaborate with key contacts outside your own area of expertise.
  • Excellent troubleshooting skills with the ability to work on and resolve complex technical issues in creative and effective ways.

Desired Qualifications:

  • Advanced degree in electronics Engineering, Computer Science, Computer Systems Technology, or a related field.
  • Previous experience in a research environment or a customer service delivery organization desirable.


  • This is a full-time career appointment, exempt (monthly paid) from overtime pay.
  • This position may be subject to a background check. Any convictions will be evaluated to determine if they directly relate to the responsibilities and requirements of the position. Having a conviction history will not automatically disqualify an applicant from being considered for employment.
  • Work will be primarily performed at Lawrence Berkeley National Lab, 1 Cyclotron Road, Berkeley, CA.

Equal Employment Opportunity: Berkeley Lab is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or protected veteran status. Berkeley Lab is in compliance with the under 41 CFR 60-1.4. Click to view the poster and supplement: “Equal Employment Opportunity is the Law.”

Expected salary:

Location: California

Job date: Fri, 14 May 2021 00:28:47 GMT

Apply for the job now!

Leave a Reply

Your email address will not be published. Required fields are marked *