The Identity and Access Management (IAM) Privileged Access Management (PAM) Engineer will be responsible for the development, implementation, and maintenance of IAM solutions that align with the University’s security policies and requirements. This includes evaluating hosting platforms, configuration technologies, and ensuring consistency between production and non-production environments. This role will partner closely with the IAM Director, IAM Managers, Senior Engineers, Administrators, Analysts, various departments across the University, and external vendors to ensure that access and identity data are granted to users in a secure, compliant, and efficient manner. The IAM PAM Engineer is an important part of the Privileged Access Management (PAM) team and participates in designing, implementing, and maintaining the technical infrastructure that manages privileged accounts and access within UCSF. This role involves ensuring that privileged access is secure, monitored, and compliant with UCSF policies and regulatory requirements. The IAM PAM Engineer works with various PAM tools and technologies to safeguard critical systems and data from unauthorized access and potential security breaches.
The IAM PAM Engineer will positively impact the University of California, San Francisco’s (UCSF) operations and culture by protecting University stakeholders’ information and data in service of the institution’s academic, medical, and research mission. This team member will advance the University’s mission by delivering exceptional security service comprehensively and consistently across faculty, staff, and students. This role will execute UCSF’s vision while modeling UCSF’s culture and values.
The final salary and offer components are subject to additional approvals based on UC policy.
Your placement within the salary range is dependent on a number of factors including your work experience and internal equity within this position classification at UCSF. For positions that are represented by a labor union, placement within the salary range will be guided by the rules in the collective bargaining agreement.
The salary range for this position is $98,300 - $210,300 (Annual Rate).
To learn more about the benefits of working at UCSF, including total compensation, please visit: https://ucnet.universityofcalifornia.edu/compensation-and-benefits/index.html

DEPARTMENT DESCRIPTION

University of California, San Francisco (UCSF) is distinguished as a leading academic healthcare organization, home to groundbreaking discoveries, world-class education, and exceptional healthcare services. Infrastructure Services (IS) is the backbone of the technological infrastructure, assuring the technical services that enable the academic, medical, and research missions of the organization. Beyond a focus on maintaining systems and resolving issues, we are committed to nurturing the potential of our team members and empowering them to excel. UCSF Infrastructure Services provides 24x7 support to the University community, always upholding the highest level of responsiveness and reliability for our customers. IS values innovation and excellence in ensuring secure and efficient Information Technology (IT) services, regardless of the hour or complexity of the issue.
The Identity and Access Management (IAM) Services team within Infrastructure Services protects UCSF’s resources through access management, including accounts, authentication, access, and role-based provisioning at the enterprise level. This team implements rigorous regulation of UCSF data through granular access control and the auditing of all UCSF assets on the premises and in the cloud. By ensuring information security at UCSF, the IAM Services team enables the academic, medical, and research mission of UCSF.

REQUIRED QUALIFICATIONS

• Bachelor’s Degree or equivalent combination of experience/training in one or more of the following fields: cybersecurity, information technology, computer science, public administration, business administration, communications.
• 3+ years of experience working in one or more of the following fields: cybersecurity, computer science, computer information systems, etc.
• Experience with the implementation and integration of Identity and Access Management (IAM) systems and tools.
• Demonstrated skills applying security controls to computer software and hardware.
• Hands-on experience with directory services (e.g., Active Directory, Lightweight Directory Access Protocol (LDAP)), Privileged Access Management solutions (e.g., CyberArk, Beyond Trust, Delinea).
• Basic understanding of Linux, Windows Server Administration, and Unix servers.
• Knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies.
• Proficient in scripting and programming languages (e.g., PowerShell, Python, Java) for automation and integration purposes.
• Experience in incident response and digital forensics including reporting.
• Strong written and verbal communication skills and ability to communicate technical information and ideas to a diverse community of colleagues and stakeholders.
• Ability to establish and advance positive working relationships and a strong rapport with team members, stakeholders, and customers.
• Strong organizational skills and ability to balance competing priorities and support concurrent projects. Experience working in a project-based environment using leading project management practices including schedule management, status reporting, and communication of project risks and issues.
• Demonstrated problem-solving skills; ability to scope solutions based on knowledge of available resources and timelines. Ability to ask questions, gather information, evaluate options, and make decisions with integrity.

PREFERRED QUALIFICATIONS

• Experience with the Delinea solutions is highly desired.
• One or more of the following certifications: CCNP Security, Cisco Certified Internetwork Expert (CCIE) Security, Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or equivalent
• Cisco Certified Internetwork Expert (CCIE) Security

Please refer the Job description for details