Principal Identity Access Management Engineer
San Francisco, CA

Job Description

Requisition ID # 23385

Job Category : Engineering / Science; Information Technology

Job Level : Manager/Principal

Business Unit: Gas Operations

Job Location : San Francisco

Company

Based in San Francisco, Pacific Gas and Electric Company, a subsidiary of PG&E Corporation (NYSE:PCG), is one of the largest combined natural gas and electric utilities in the United States.And we deliver some of the nation's cleanest energy to our customers in Northern and Central California. For PG&E, Together, Building a Better California is not just a slogan.It's the very core of our mission and the scale by which we measure our success. We know that the nearly 16 million people who do business with our company count on our more than 24,000 employees for far more than the delivery of utility services.They, along with every citizen of the state we call home, also expect PG&E to help improve their quality of life, the economic vitality of their communities, and the prospect for a better future fueled by clean, safe, reliable and affordable energy.

Pacific Gas and Electric Company is an Affirmative Action and Equal Employment Opportunity employer that actively pursues and hires a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color,national origin, ancestry, sex, age, religion, physical or mental disability status, medical condition, protected veteran status, marital status, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic informationor any other factor that is not related to the job.

Department Summary

The Cybersecurity team enables PG&E to achieve its mission by providing governance, oversight, and support of operational resiliency and asset safeguards in a relevant, timely and data-driven manner. The Cybersecurity team consists of security professionals in their chosen disciplines working together, to review the current cyber threat landscape and lend our expertise to help the company understand its security posture and act on the highest priority risks. The Cybersecurity team takes a proactive approach to security by focusing on the cyber risks PG&E faces. Our methodology and framework synthesize current legal, regulatory, and operating mandates with PG&E's business goals and operations. By taking this information and focusing on the cyber risks unique to individual Lines of Business (LOB), Cybersecurity helps PG&E's LOBs make informed decisions about where to invest their resources.

Position Summary

The Identity Access Management (IAM) Principal Engineer is responsible for installation, integration and deployment of IAM solutions within the PG&E Cybersecurity IAM team. The IAM Principal Engineer requires a strong understanding of Identity Access Management (IAM), and Identity Access Governance (IAG) products and implementation methodologies. The IAM Principal Engineer is expected to have strong technical and soft skills, must be a proven self-starter with the ability to problem-solve, communicate, participate in diverse project teams from a technical perspective, interface effectively with our internal Cybersecurity teams and LOB customers, vendor partners, and colleagues.

Qualifications

Minimum:

* BA/BS degree in Computer Science, Engineering, Business or related degree or equivalent experience
* 10 years of IT engineering design and/or technical project implementation, and leadership experience
* Experience with multi-tier enterprise technology environments

Desired:

* MA/MS degree preferred
* Project Management IT experience
* Experience managing senior/expert level IT staff
* Expert level understanding, in one or more core business areas of a utility, of how technology plays a key enabler/support role
* Expert level understanding and implementation experience, in multiple core business areas of a utility, within process design, information modeling or system architecture
* Expert understanding of the operations engineering discipline, processes, concepts and best

Practices



Technical Qualifications

* Web Access Management: Experience with Single-Sign-On tools similar to SecureAuth, Siiteminder, PingAccess, PingFederate, ForgeRock
* Integration experience with SAML, OpenID Connect, Oauth
* Expertise in developing integration APIs and web services (RESTful/SOAP)
* Integration experience with Multi Factor Authentication
* User directories: Understanding of LDAP, Virtual Directory Services, and Active Directory
* Privileged Access Management: Understanding of PAM tools
* Identity Access Governance: Tools such as Saviynt or Sailpoint, or OIM
* Monitoring: Tools such as Splunk, and SEIM platforms
* Scripting/automation experience using PowerShell, VBScript, python, or bash
* Web application server knowledge (e.g. IIS, WebLogic, or Tomcat)
* Understanding of secure software development practices - AppSec
* Agile development experience
* Understanding of authentication and authorization tools and technologies
* Exposure to DevOps, Continuous Integration and Continuous Delivery experience

Job Responsibilities

* Design SSO integration patterns and then work with our partners and customers to implement these delivery patterns.
* Design, integrate, develop, configure, release, maintain, and support enterprise Identity & Access Management (IAM) solutions & capabilities.
* Provide software development & database skills in the delivery of sophisticated identity management solutions (both COTS and custom-built) that enable both employees and external clients to access systems and data while maintaining the principle of least privilege, using a combination of coding, scripting, integration, and platform customization - including system upgrades, installation, and performance tuning.
* Partner with Internal Audit and Compliance teams to develop and help to mature IAM security policies, metrics and reporting.
* Demonstrate exceptional analytical problem-solving skills including the ability to perform root cause analysis, troubleshooting, and system support.
* Provide timely, concise, and situationally appropriate status on deployment and app integration work.
* Work on automation and scripting to enable self-service environments and processes where practical.
* Author technical documentation, including: infrastructure topology, system design, workflows, data flows/mapping, implementation steps, and user/system support.
* Develop and deliver technical training designed to enable and educate the IAM team peers, Cyber consulting teams, support and application teams.