Federated Security Engineer - OIT

Discover Your Career at Emory University

Emory University is a leading research university that fosters excellence and attracts world-class talent to innovate today and prepare leaders for the future. We welcome candidates who can contribute to the excellence of our academic community.

Description

The Federated Security Engineer is a detail-oriented and proactive technical professional, with Identity and Access Management (IAM) expertise and a foundational experience in Cybersecurity as it relates to applications and secure access. This role focuses on managing and optimizing our central secure application access ecosystem, including onboarding/updating/offboarding applications, maintaining an up-to-date CMDB and application catalog, and supporting the integration of applications with our Single Sign-On (SSO) solution (Entra ID and Shibboleth IDP).

KEY RESPONSIBILITIES:

• Collaborates with the Cybersecurity and IAM teams to ensure secure onboarding and offboarding of applications into the SSO environment.

• Designs or consults on the application integration approach to enable secure access/SSO.

• Validates and maintains application integration configurations to meet cybersecurity and compliance requirements.

• Assists in developing and ensuring alignment of implementations or changes with access control policies and security standards.

• Supports audits and compliance reviews related to IAM and application integrations by facilitating responses via the proper SMEs.

• Maintains the CI's that relate to federated applications in the Configuration Management Database (CMDB), ensuring application records are accurate, complete, and current.

• Manages the application catalog to ensure all integrated applications are tracked with appropriate metadata (e.g., owners, contacts, technical details, integration type).

• Leverages ServiceNow to manage requests, incidents, and changes related to application integrations and IAM processes.

• Coordinates application onboarding and offboarding processes, including requirement gathering, integration configuration, testing, and documentation.

• Works with application owners to ensure smooth transitions during onboarding/offboarding.

• Maintains end-to-end lifecycle documentation for each application in scope.

• Creates and maintains detailed documentation for application integrations, onboarding/offboarding procedures, and CMDB updates.

• Gathers and analyzes enhancement requests from stakeholders, prioritizes them, and coordinates with technical teams for implementation.

• Identifies opportunities to streamline IAM-related processes and improve integration workflows.

• Assists in engineering modern applications that support the SSO integration intake process and application inventory.

• Troubleshoots, develops, and supports in multiple IDPs including Entra ID and Shibboleth IDP.

• Serves as On-Call rotation for IDP support as needed.

• Performs other related duties as required.

MINIMUM QUALIFICATIONS:

• A bachelor's degree in a scientific or math field and three years of related experience, OR an equivalent combination of education, training, and experience.

• Hands-on programming experience and/or non-trivial scripting in a robust programming language, including the ability to write clean, maintainable code to solve practical problems.

PREFERRED QUALIFICATIONS:

• Hands-on experience with ServiceNow, particularly CMDB and catalog management.

• Understanding of SSO technologies (e.g., SAML, OIDC, OAuth2, CAS, SCIM) and application integration principles

• Familiarity with provisioning/deprovisioning workflows in IAM platforms (Okta, Entra ID, Ping Identity, NetIQ, Saviynt, etc.)

• Experience with ITIL processes and change management in ServiceNow

• Experience with applicationsecuritybest practices and compliance frameworks (e.g., NIST, ISO 27001)

• RDBMs experience including proficiency in SQL and/or PLSQL

• Experience with low-code development platforms such as Power Platform

• Knowledge of data governance and asset management practices

• Familiarity whit Role-Based Access Control (RBAC) models

• Understanding of authentication concepts, including Multi-Factor Authentication (MFA), SSO, and Kerberos

NOTE: Tasks related to this position can be performed remotely with only occasional visits to an Emory University location. Eastern (EST) time zone business hours may apply. Emory reserves the right to change this status with notice to employee. Emory does not approve as a primary work location in the following states; NJ, AK, and HI, any U.S. Territories or outside of the United States.

Additional Details

Emory is an equal opportunity employer, and qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by state or federal law. Emory University does not discriminate in admissions, educational programs, or employment, including recruitment, hiring, promotions, transfers, discipline, terminations, wage and salary administration, benefits, and training. Students, faculty, and staff are assured of participation in university programs and in the use of facilities without such discrimination. Emory University complies with Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veteran's Readjustment Assistance Act, and applicable executive orders, federal and state regulations regarding nondiscrimination, equal opportunity, and affirmative action (for protected veterans and individuals with disabilities). Inquiries regarding this policy should be directed to the Emory University Department of Equity and Civil Rights Compliance, 201 Dowman Drive, Administration Building, Atlanta, GA 30322. Telephone: View phone number on click.appcast.io (V) | View phone number on click.appcast.io (TDD).

Emory University is committed to ensuring equal access and providing reasonable accommodations to qualified individuals with disabilities upon request. To request this document in an alternate format or to seek a reasonable accommodation, please contact the Department of Accessibility Services View email address on click.appcast.io call View phone number on click.appcast.io (Voice) | View phone number on click.appcast.io (TDD). We kindly ask that requests be made at least seven business days in advance to allow adequate time for coordination.

Connect With Us!

Connect with us for general consideration!

Job Number 165147

Job Type Regular Full-Time

Division Office Information Technology

Department OIT: Enterprise IT Security

Job Category Information Technology

Campus Location (For Posting) : Location US-GA-Atlanta

Location : Name Emory Campus-Clifton Corridor

Remote Work Classification Full Remote - Monthly

Health and Safety Information Not Applicable