Identity Services Engineer

Posting Title

Identity Services Engineer

Department Overview

The Identity Services team within the University of Virginia (UVA) Information Technology Services (ITS) designs, operates, and evolves the University's core identity and access management (IAM) ecosystem. These services provide the foundation for secure authentication, authorization, and access governance across UVA's academic, research, and administrative systems, supporting the University's mission of teaching, research, and public service.

Identity Services operates in a complex higher-education environment that emphasizes federated trust, shared governance, and community-driven standards. Our work aligns closely with Internet2 and InCommon best practices to deliver scalable, sustainable identity solutions.

Position Summary

The University of Virginia seeks an Identity Services Engineer to serve as a senior individual contributor within the Identity Services team. This role is critical to the secure operation, integration, and continuous improvement of UVA's enterprise IAM platforms.

The Identity Services Engineer provides deep, hands-on technical expertise across identity governance, authentication, authorization, and access lifecycle services. This position is well-suited for an experienced IAM practitioner who values technical ownership, operational excellence, and alignment with higher-education IAM architectures, without expectations of people management.

Responsibilities

Identity & Access Management Engineering

• Design, configure, customize, and support enterprise IAM platforms, including Grouper, Fischer Identity, Shibboleth Identity Provider, and Delinea PAM.
• Implement and maintain group- and attribute-based access models (RBAC, ABAC, PBAC) that support institutional policy, delegated administration, and least-privilege access.
• Serve as a senior technical contributor for Grouper, including attestation workflows, GSH templates, ABAC implementations, and integration patterns.
• Support identity governance and lifecycle processes using Fischer Identity, including integrations with authoritative sources and downstream systems.
• Operate and troubleshoot federated authentication and single sign-on services using SAML, OIDC, and OAuth2, aligned with InCommon trust frameworks.
• Integrate IAM services with LDAP registries, Active Directory, databases, and enterprise applications.

Security, Compliance, & Operations

• Support and integrate privileged access management workflows using Delinea.
• Diagnose and resolve complex IAM issues spanning directories, authentication flows, access policies, and application integrations.
• Contribute to secure-by-design IAM architectures that support regulatory and contractual requirements, including FERPA, HIPAA, PCI-DSS, and research data protections.

Collaboration & Service Integration

• Partner with application teams, infrastructure groups, and security stakeholders to onboard services and improve access consistency.
• Contribute to testing, change management, and promotion of updates across development, QA, and production environments.
• Maintain clear technical documentation for configurations, customizations, and operational procedures.
• Participate in a shared on-call rotation, supported by strong documentation and team practices.

Minimum Qualifications

• Five or more years of professional experience supporting or engineering identity and access management systems.
• Hands-on experience with one or more IAM platforms commonly used in higher education, such as Grouper, Shibboleth, Fischer Identity, or Microsoft Entra ID.
• Strong understanding of IAM concepts, including authentication, authorization, access lifecycle management, and identity governance.
• Experience working with LDAP directories and/or Active Directory in production environments.
• Proficiency with Linux-based systems and the ability to troubleshoot integrated, distributed services.

Preferred Qualifications

• Familiarity with the InCommon Trusted Access Platform (TAP) and community-driven IAM architectures, including meaningful hands-on experience with Grouper and Shibboleth.
• Experience operating federated identity services in a research or academic context.
• Experience integrating IAM platforms with ERP, LMS, research, or administrative systems.
• Exposure to containerized deployments such as Docker Swarm or Kubernetes.
• Experience with CI/CD pipelines or configuration-as-code approaches.
• Experience with privileged access management tools or workflows.
• Identity-related certifications (e.g., IDPro, IMI) or active participation in the higher-education IAM community.

Essential Skills

• Ability to independently analyze and resolve complex technical problems.
• Strong written and verbal communication skills, particularly for documenting systems and collaborating across teams.

Physical Demands

This role is primarily sedentary, involving extensive use of desktop computers.

Salary Range

Anticipated hiring range will be commensurate with education and experience.

Position Type & Work Location

This is a full-time, exempt position. The role may be eligible for a hybrid or remote work arrangement in accordance with University policy.

About UVA and the Community

The University of Virginia is a highly ranked public university with a strong culture of collaboration, innovation, and public service. Located in Charlottesville, UVA offers a rich academic environment, outstanding benefits, and access to a vibrant community with excellent quality of life. Learn more at https://www.virginia.edu and https://embarkcva.com.

Application Timeline

Review of applications will begin 1-28-26 and will continue until the position is filled.

Additional Requirements

This position may require completion of a background check. Visa sponsorship is not available for this position.

How to apply:

Please apply online through Online and search for R0079927. Complete the application and upload the following required materials:

Internal applicants may search and apply for jobs on the UVA Internal Careers website.

• Cover letter

• Resume

Please note that multiple documents can be uploaded in the "Resume" box. Applications that do not contain all required documents will not receive full consideration.

For questions about the position or the application process, please contact Bill Crane, Senior Recruiter, at Xer5ff@virginia.edu.

.

The University of Virginia is an equal opportunity employer. All interested persons are encouraged to apply, including veterans and individuals with disabilities. Click here to read more about UVA's commitment to non-discrimination and equal opportunity employment.