At the University of California, Berkeley, we are committed to creating a community that fosters equity of experience and opportunity, and ensures that students, faculty, and staff of all backgrounds feel safe, welcome and included. Our culture of openness, freedom and belonging make it a special place for students, faculty and staff.

The University of California, Berkeley, is one of the world's leading institutions of higher education, distinguished by its combination of internationally recognized academic and research excellence; the transformative opportunity it provides to a large and diverse student body; its public mission and commitment to equity and social justice; and its roots in the California experience, animated by such values as innovation, questioning the status quo, and respect for the environment and nature. Since its founding in 1868, Berkeley has fueled a perpetual renaissance, generating unparalleled intellectual, economic and social value in California, the United States and the world.

We are looking for equity-minded applicants who represent the full diversity of California and who demonstrate a sensitivity to and understanding of the diverse academic, socioeconomic, cultural, disability, gender identity, sexual orientation, and ethnic backgrounds present in our community. When you join the team at Berkeley, you can expect to be part of an inclusive, innovative and equity-focused community that approaches higher education as a matter of social justice that requires broad collaboration among faculty, staff, students and community partners. In deciding whether to apply for a position at Berkeley, you are strongly encouraged to consider whether your values align with our Guiding Values and Principles, our Principles of Community, and our Strategic Plan.

At UC Berkeley, we believe that learning is a fundamental part of working, and our goal is for everyone on the Berkeley campus to feel supported and equipped to realize their full potential. We actively support this by providing all of our staff employees with at least 80 hours (10 days) of paid time per year to engage in professional development activities. To find out more about how you can grow your career at UC Berkeley, visit grow.berkeley.edu.

Departmental Overview

Berkeley IT believes in and fosters a workplace environment where people can bring their diverse skills, perspectives and experiences toward achieving our goals through a process of critical inquiry, discovery, innovation, while simultaneously committing to making positive contributions towards the betterment of our world.

In addition, members of the Berkeley IT community have created and endorse the following values for our organization to augment and amplify the campus principles:

• We champion diversity.
• We act with integrity.
• We deliver.
• We innovate.

Diversity, Inclusion, and Belonging are more than just suggestions for us. They are the guiding principles underlying how we come together, develop leaders at all levels of the organization, and create an environment that unites us. We affirm the dignity of all individuals, call upon our leaders to address critical issues with integrity and intention, respect our differences as well as our commonalities, and strive to uphold a just community free from discrimination and hate.

Team Overview:

The Information Security Office (ISO) coordinates the risk management process for UC Berkeley's information systems and directs campus-wide efforts to adequately secure Institutional data. ISO is led by the Chief Information Security Officer and consists of seven areas: Information Security Policy, Information Security Operations, Information Security Development, Identity and Access Management, Information Security Assessments, Outreach and Engagement, and Service Management. This position is part of the Identity and Access Management Team.

This position will be a part of the CalNet Identity and Access Management team. The CalNet IAM team provides the campus with a centralized identity authentication and authorization system. Departments can use CalNet services to validate users to access applications, obtain authoritative information about users, and for public directory service and lookups.

Application Review Date

The First Review Date for this job is: Thursday, May 23, 2024

Responsibilities

System Design and Implementation:

• Defines, designs and implements systems, services and technology solutions, specifically technologies that manage the integration of identity data from multiple authoritative sources, user authentication and authorization for campus electronic resources, user account provisioning and de-provisioning, roles definition and assignment, and the delegated administration of these functions.
• Researches and implements systems, services and technology solutions to support the Identity and Access management systems and services.
• Implements system or device enhancements such as software, hardware and network configuration, updates and installations for projects or services of moderately complex scope.
• Manages service requests and incidents related to Identity and Access Management systems and services.

System Management:

• Manages Identity and Access Management systems including the installation, configuration, and patching of systems and software.
• Performs moderately complex analysis to acquire, install, modify and support operating systems, databases, utilities and Internet / intranet-related tools.
• Plans, designs and implements moderately complex system updates and rollouts.
• Manages centralized identity and access management campus wide interconnected servers or components of clusters for communication.

Scripting and Software Development:

• Writes and executes complex scripts and may write software in support of systems management, log analysis and other system administration duties for multiple integrated systems.
• Assists in implementing and maintaining various DevOps processes to automate systems management.
• Integrates data across systems and Database (DB) platforms.

Security Control:

• Works with campus customers to process requests for privileged access to identity data.
• Implements security controls to prevent malicious intrusion of campus identity management systems.

Professional Development and Training:

• Engages in continuous professional development and training to stay updated with evolving technologies and industry best practices.

Required Qualifications

• Ability to elicit and communicate technical and non-technical information in a clear and concise manner.
• Self-motivated and works independently and as part of a team. Demonstrates problem-solving skills. Able to learn effectively and meet deadlines.
• Understanding of and experience managing LDAP directory services and integration.
• Knowledge of security best practices (firewalls, certificates, etc.).
• Experience with Linux systems, particularly Redhat Enterprise Linux.
• Familiarity with web servers (preferably Tomcat), load balancers, firewalls, DNS.
• Ability to write technical documentation in a clear and concise manner.
• Understanding of system performance monitoring and actions that can be taken to improve or correct performance.
• Knowledge of the design, development and application of technology and systems to meet business needs.
• General knowledge of other areas of IT. Thorough understanding of and experience with systems-related issues and actions that can be taken to improve or correct performance.
• Demonstrated skills associated with adapting equipment and technology to serve user needs.
• Demonstrated comprehensive understanding of how system management actions affect other systems, system users and dependent / related functions.
• Demonstrated experience writing and editing complex scripts used to perform system maintenance and administration.
• Ability to write code in one or more of the following: Ruby, Java, Javascript, Python, and Groovy.
• Advanced knowledge of computer security best practices and policies including demonstrated experience securing server-based software.
• Knowledge necessary to design, set-up, operate, and correct malfunctions involving application of technology systems.
• Demonstrated commitment to the advancement of diversity, equity, inclusion, belonging, justice and accessibility.

Education/Training:

• Bachelor's Degree in related area and/or equivalent experience/training.

Preferred Qualifications

• Knowledge of Identity and Access Management practices and technologies.
• Experience with ForgeRock Directory Services.
• Experience with the Internet2 Trusted Access Platform, specifically Grouper and Shibboleth.
• Experience automating systems build and provisioning using tools such as Ansible, Terraform, and CloudFormation.
• Experience deploying containerized systems in a production environment.

Salary & Benefits

For information on the comprehensive benefits package offered by the University, please visit the University of California's Compensation & Benefits website.

Under California law, the University of California, Berkeley is required to provide a reasonable estimate of the compensation range for this role and should not offer a salary outside of the range posted in this job announcement. This range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to experience, skills, knowledge, abilities, education, licensure and certifications, analysis of internal equity, and other business and organizational needs. It is not typical for an individual to be offered a salary at or near the top of the range for a position. Salary offers are determined based on final candidate qualifications and experience.

The budgeted salary or hourly range that the University reasonably expects to pay for this position is $98,000.00 - $122,000.00.

• This is a 100%, full-time (40 hours per week), career position that is eligible for full UC benefits.
• This position is exempt and paid monthly.
• This position is eligible for flexible, hybrid or fully-remote work (telecommuting) based on candidate availability and business needs.

How to Apply

To apply, please submit your resume and cover letter.

Conviction History Background

This is a designated position requiring fingerprinting and a background check due to the nature of the job responsibilities. Berkeley does hire people with conviction histories and reviews information received in the context of the job responsibilities. The University reserves the right to make employment contingent upon successful completion of the background check.

Other Information

This position is governed by the terms and conditions in the agreement for the Technical Unit (TX) between the University of California and the University Professional and Technical Employees (UPTE). The current bargaining agreement manual can be found at: http://ucnet.universityofcalifornia.edu/labor/bargaining-units/tx/index.html.

Equal Employment Opportunity

The University of California is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. For more information about your rights as an applicant, please see the U.S. Equal Employment Opportunity Commission poster.

The University of California's Affirmative action policy.

The University of California's Anti-Discrimination policy.

This job is part of the Employee Referral Program. If a UC Berkeley employee is referring you, please ensure you select the Referral Source of "UCB Employee". Then enter the employee's Name and Berkeley email address in the Specific Referral Source field. Please enter only one name and email.