Our Enterprise Platforms and Infrastructure (EPI) Team is responsible for desktop and server infrastructure. This includes support for Laboratory-managed operating systems, enterprise backup, software distribution, and application offerings. The team also manages the Laboratory's central directory and authentication systems, as well as email, mobile, and desktop web conferencing solutions.
The Laboratory has a robust and evolving identity and authentication environment serving both on-premise and cloud IT systems. The position of identity support engineer is focused on the operational readiness and continued development of the Lab's directory and authentication systems to allow for new features and data elements. In addition, this position will engage on the organization's evolving authentication strategy including public key infrastructure and multi-factor authentication and Email integrity via S/MIME. The successful candidate will work across Laboratory IT teams to identify and address issues, help oversee change and problem resolution and work to plan new feature design, training and release including communications to Lab staff. Understanding and ensuring compliance with Laboratory and government regulations will be an important aspect of the work as well.
Expected qualifications for the position include:
Understanding Laboratory identity and authentication needs and foster effective communication and troubleshooting approach to address operational and project requests
Embrace creative thinking and technical change as part of researching planned changes to Lab identity environment and work to introduce new updates and features while maintaining the Lab's security best practices and data protections
Work to build relationships among IT peer teams by demonstrating principles of emotional intelligence and solid collaboration practices
An ability to work autonomously with appropriate guidance and report on progress at regular intervals
Create and deliver effective communications to the organization on technical and project-related topics
Critical thinking and analytical approach towards problem solving
Oversee status of both on premise and cloud-based identity and authentication infrastructure to ensure normal operational status. Includes working with peer IT teams from network, cyber and platforms as well as enterprise monitoring and system auditing to facilitate issue resolution.
Work with Lab security team(s) to ensure security compliance and risk / vulnerability management best practices associated with identity and authentication systems including maintaining operational and configuration documentation and ensuring identity systems are audit-ready.
Oversee and execute system upgrades and new feature deployment as required including adherence to all ITIL-best practices and communications to Lab staff
Facilitate identity-driven events for the Laboratory including new employee on-boarding, attribute changes and authentication for IT systems and staff
Provide monthly service reports and operational metrics to Leadership team
Supports 3rd tier incident escalations and ticket assignments
Solicit feedback from Lab staff on new identity and authentication feature requirements
Explore and facilitate evaluation of appropriate vendor solutions and/or provide estimates on work to be completed
Execute assigned project work and report status to project supervisors and stakeholders. Work expected to follow project-management best practices and include sufficient documentation
Communicate and educate Lab staff on new features, project status via written and/or presentations as required
This position is under general direction of the Enterprise Platforms & Identity Sector Manager
This position will require regular interaction with external software vendors, technical support services and customer account managers. Primary internal interactions will be peer support staff including systems engineers and administrators, client support staff and end users and senior staff.
Bachelor's Degree in Computer Science or applicable field, or seven years of equivalent relevant work experience
Strong knowledge of enterprise directories including Microsoft Active Directory, Microsoft Azure Active Directory and NetIQ / LDAP
Experience with identity management including attributes, connectivity to additional directories for selected updates, password / credential management and cloud-based federation / directory sync / updates
Familiarity with Microsoft authentication and federation protocols required including on premise Active Directory Kerberos, Azure Active Directory WS-Trust / WS-Federation and AD Connect
Understanding of Active Directory group policy, account and group management
Familiarity with multi-factor authentication including smart cards, FIDO2 tokens
Knowledge of Public Key Infrastructure and PKI features like S/MIME
Experience with Windows 10, macOS and Apple iOS platforms
Knowledge of key scripting technologies include PowerShell
Understanding of securing platforms to NIST 800-53 / 800-171 controls
Knowledge of project management and ITIL fundamentals
Excellent verbal and written communication skills
Strong interpersonal skills, organizational and time management skills
7 years' experience working with identity, directory management including both on premise and cloud-based systems
Must be a US Citizen and have the ability to obtain and maintain a Government Security Clearance.
This position is expected to participate in on-call rotation and occasional after-hours work as needed.
Selected candidate will be subject to a pre-employment background investigation and must be able to obtain and maintain a Secret level DoD security clearance.
MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.