The University of Washington (UW) is proud to be one of the nation's premier educational and research institutions. Our people are the most important asset in our pursuit of achieving excellence in education, research, and community service. Our staff not only enjoys outstanding benefits and professional growth opportunities, but also an environment noted for diversity, community involvement, intellectual excitement, artistic pursuits, and natural beauty.
UW-IT has an outstanding full-time opportunity for an Identity and Access Management Architect.
UW-IT is seeking an Identity and Access Management (IAM) Architect to help shape the future of digital identity at the University and beyond. The evolution of digital identity presents many opportunities and challenges to institutions like the UW that discover and distribute knowledge. Identity services are critical to the operations of the University, enabling convenient and safe access to online resources by students, faculty, staff, clinicians, researchers, and their collaborators around the world. Identity services are also critical to the strategic direction of education and research, both within our community and across society at large. Scholars and researchers need digital identities that express their scholarly attributes, as well as claims about related work, publications, degrees, credentials, competencies, and other achievements. We need an architect who can collaborate with us and our stakeholders to ensure that identity services enable access today, while promoting confidence, choice, and innovation within the education and research community into the future.
Our IAM team is a sought-after partner on many strategic projects and initiatives within our local community and beyond. Yet we have opportunities to help small teams and many individuals on a daily basis. We are committed to:
Customer service, clear communication, and user-centered design
Teamwork, transparency, self-motivation, and individual accountability
A collaborative workplace that promotes cross-disciplinary interaction
Agility, responsiveness, and iterative means of delivering strategic value sooner
Self-directed time for learning, innovation, and professional development
Effective use of tools and processes to free people to do what they do best
A healthy work/life balance, where our best work happens in 40-hour work weeks
Our team consists of skilled IT professionals dedicated to the use of technology in ways that support the public mission of the University and make it a trustworthy institution to its members, as well as partners in identity federations like InCommon and eduGAIN. We strive to understand the complexities of identity, privacy, trust, and security, and how these concepts intersect with society, technology, and policy. We help our customers apply IAM solutions in ways that improve teaching, learning, research, and community service. Our IAM Architect position is critical to our team's vision: trusted online identities enriched with the attributes of the UW.
By applying for this position you are telling us that:
Your understanding and curiosity about digital identities is matched by your passion to help others use them.
You believe in open engagement, dialog, and clear communication as the foundations to effective partnerships.
You are driven to understand others and ask yourself questions like "What are their needs?" and "What are they trying to do?"
Your decisions are guided by vision, informed by data and process, and driven by a desire to make things work better.
You are motivated to work in higher education, at a public institution, and, more specifically, at the UW.
The IAM Architect leads our architecture practices and aligns our architecture vision with our principles and service goals. These practices include: developing criteria and consensus on how we measure strategic architecture value; overseeing the research, evaluation, selection, and evolution of IAM protocols and technologies in our environment; and collaborating with software engineers, technical and functional leads, and other stakeholders to design and deliver IAM services to our customers. Community outreach and collaboration is fundamental to this position. The IAM Architect will share and validate plans with the UW community and with peers in the wider IAM community, providing input and leadership to advance open standards development and the sourcing of software solutions that support education and research.
DAY IN THE LIFE
Collaborate with teammates on a UML sequence diagram that illustrates how we might add RFC7662 Token Introspection to our OAuth infrastructure.
Join an InCommon Working Group conference call to discuss operating practices on coordinated responses to federated security incidents.
Reflect on a draft specification on OpenID Connect Federation, and contribute to related email list discussion.
Visit the eScience Institute on campus to learn how an open science project relies on federated identities and ORCID identifiers.
Review "strategy on a page" documents with other architects and discuss implications on future-state architecture.
Instant message with a developer to clarify API documentation for linking institutional identities with social identities.
Update wiki documentation describing principles behind the adoption of open vs proprietary protocols.
Bachelor's degree in Computer Science, Systems Analysis, Information Management, or related field, or equivalent experience.
Minimum work experience:
Minimum of five years experience performing progressively more complex tasks and responsibilities participating in or leading IAM architecture and design activities to inform strategy development, technology selection, implementation projects, operations, and workforce planning.
Ability to clearly communicate the capabilities, functions, and processes of enterprise IAM programs (e.g. identity registration, credential management, provisioning, authentication, access governance).
Demonstrated expertise with open interoperable technical standards (e.g. SAML, OpenID Connect) used for federated authentication, multi-party federation metadata management, and identity assurance.
Demonstrated expertise designing service interfaces (preferably REST APIs) and applying technical standards (e.g. OAuth) to enable and protect API access while meeting enterprise architecture, security, and privacy needs.
Experience with IAM requirements for cloud-based services, including strategies, trust models, and open standards (e.g. SAML, OAuth, SCIM) used to improve manageability, access governance, provisioning, information security, and privacy.
Ability to analyze alternative architectures and service designs and communicate their potential strategic and tactical benefits and risks in terms of business and architecture value.
Ability to remain unbiased toward specific vendors, other service providers, and sources of technology, advocating for business and architecture value over personal background and preferences.
Excellent interpersonal skills in areas such as collaboration, teamwork, facilitation, and negotiation.
Effective leadership skills for building consensus and fostering relationships in diverse stakeholder communities.
Excellent written and verbal communication skills.
Excellent analytical ability.
Equivalent education/experience will substitute for all minimum qualifications except when there are legal requirements, such as a license/certification/registration.
Familiarity with IAM initiatives, architectures, solutions, technologies, and standards developed in and for the research and education community (e.g. Internet2 TIER, InCommon, eduGAIN, Shibboleth, Grouper, eduPerson, eduroam, REFEDS, ORCID).
Experience designing and building IAM solutions that integrate applications and other services with IAM services, align IAM processes with business processes, and identify required governance and policy needs for campus and federated use cases.
Experience with standards development processes and bodies, particularly open standards bodies and other groups developing standards related to digital identity (e.g. IETF, Kantara, OIDF, OASIS, FIDO, IDESG, W3C).
Experience with access control modeling methodologies (e.g. RBAC, ABAC), authorization policy management, and risk-based methods of access lifecycle management for applications and data.
Familiarity with existing architectures for user authentication and SSO for native mobile applications, and an ability to evaluate emerging solutions to improve privacy, security, and user experience.
Familiarity with national and international initiatives, groups, and projects (e.g. NSTIC, IDESG, InCommon, REFEDS, OIX) working to improve the security, privacy, and convenience of online transactions involving trusted digital identities.
Familiarity working with privacy professionals to ensure practices (such as privacy impact assessments) exist to identify privacy obligations and to include privacy-sensitive thinking in IAM solutions and architectures.
Experience operating and maintaining IAM infrastructure, leading or participating in their day-to-day operations and maintenance, as well as monitoring, reporting, and auditing technical, security, and business activities.
Experience estimating the financial cost of alternative technical architectures and solutions.
Experience developing and applying enterprise architecture principles and practices.
Knowledge of or experience applying IT service management practices (e.g. ITIL) to strategy and design.
Experience applying master data management principles and practices.
Ability to manage multiple priorities and ambiguous timelines, working independently, with minimal supervision.
Experience in a major research University setting.