The Chicago Public Schools (CPS) has set ambitious goals to ensure that every childin every school and every neighborhoodhas access to a world-class learning experience from birth, resulting in graduation from high school college- and career-ready.
The Identity Management Engineer position is responsible for building, installing and configuring Identity Management, AD, ADFS, hardware, OS and software solutions. Working knowledge of Identity & Access Management principles, Active Directory Federation Services (ADFS), SAML 2.0 federation, and other information security and access control software is required. Experience administering complex, highly available Active Directory user environments required; familiarity with Google Apps is also preferred. Must be able to assess complex technical problems to develop, appraise and recommend short and long-term solutions. Working knowledge of Microsoft Hyper-V, Azure, and Microsoft System Center Suite is also preferred.
Working knowledge of Identity Automation's RapidIdentity suite of IAM tools is highly desired, as well as a strong working knowledge of bulk identity and account provisioning principles. The candidate should have completed multiple projects that fulfilled bulk user provisioning / access control requirements in an efficient and automated way. The ideal candidate is a self-starter able to drive tasks to completion independently, and able to pick up new skills as project requirements expand.
Taking direction from managers or team leads, working independently to complete server, group, user provisioning and support tasks.
Develop new identity provisioning workflows, modify / enhance existing identity provisioning workflows.
Assist in the integration of new and existing applications with Active Directory and SAML 2.0 federation authorization and authentication technologies.
Work with team members to provide cross-training on individual roles and responsibilities.
Participate in day-to-day server and account provisioning, using standard tools and established processes.
Respond to and resolve alerts generated by Server Infrastructure monitoring tools.
Work with application teams to resolve issues as relates to software installation on to servers managed by Infrastructure Server Team.
Participate in On-Call rotation, which includes 24/7 cell-phone/email support when on-call.
Troubleshoot and assist end users, as needed, to perform any remediation steps necessary when incidents occur, and when problem solutions are defined and require implementation.
Develop and maintain system engineering and operations documentation.
Interface closely with the Desktop, Server, InfoSec, and Network teams.
Align with ITIL Change, Incident, and Problem Management practices.
Assist with eDiscovery fulfillment in Relativity software suite as needed
Dimensions for the Job:Size or Magnitude
Identity Automation RapidIdentity Admin & Development50%
Active Directory/ADFS/SAML Administration/Support25%
G Suite Provisioning/Admin/Troubleshooting15%
Enterprise Application Administration/Support5%
Experience with identity provisioning and automation software is required. Equivalent experience with other products can be substituted for direct experience with Identity Automation's RapidIdentity suite of software; this experience ideally is with developing end-to-end identity provisioning solutions using out of the box or custom software, with an emphasis on creating appropriate scripts / applications to automate onboarding / reboarding / offboarding processes. Acceptable equivalent experience: Oracle OID, Salepoint, Dell One Identity, NetIQ, Microsoft Identity Manager, advanced Powershell / VB.NET scripting, etc.
Must have a strong working understanding of LDAP querying, Active Directory attributes, and SQL query building.
Excellent end-to-end troubleshooting skills are required.
Experience working with business partners, development teams, engineers and vendors designing large systems comprised of 500 servers in lab and production environments.
Excellent communication and organizational skills are required.
On-call support as part of a rotation schedule and carrying a cell phone are required. Occasional remote late-night maintenance is required.
Working knowledge of Windows Server Virtualization (specifically Hyper-V) is a plus.
BS in Computer Science or related discipline; or related work experience.
3 years of experience in complex large-scale Windows 2012 R2 Active Directory environment (10,000 users, 500 servers), or 5 years of experience in mid-sized environments (1000 users, 250 servers).
Proficiency with network, operating, email & directory systems (Exchange 2010, Windows 2003, 2008, 2012, 2016, Active Directory and LDAP).
Microsoft certifications such as MCP and MCSE are preferred.
Working knowledge of commonly used scripting languages for Windows is required (VB.NET, Powershell).
Strong working knowledge of Active Directory and SAML 2.0 / ADFS principles required.
Knowledge of industry best practices related to Windows security and server administration is preferred.
Excellent people skills: must enjoy working with people at all levels of the organization, be customer service focused and thrive in a fast paced environment.
Strong documentation and process development skills are required.
Strong experience working within large and complex technical environments.
As a condition of employment with the Chicago Public Schools (CPS), employees are required to live within the geographic boundaries of the City of Chicago within six months of his or her CPS hire date and maintain residency throughout their employment with the district.
Chicago Public Schools