Pacific Gas & Electric Company Principal Identity Access Management Engineer in San Francisco, California
Requisition ID # 23385
Job Category : Engineering / Science; Information Technology
Job Level : Manager/Principal
Business Unit: Gas Operations
Job Location : San Francisco
Based in San Francisco, Pacific Gas and Electric Company, a subsidiary of PG&E Corporation (NYSE:PCG), is one of the largest combined natural gas and electric utilities in the United States.And we deliver some of the nation's cleanest energy to our customers in Northern and Central California. For PG&E, Together, Building a Better California is not just a slogan.It's the very core of our mission and the scale by which we measure our success. We know that the nearly 16 million people who do business with our company count on our more than 24,000 employees for far more than the delivery of utility services.They, along with every citizen of the state we call home, also expect PG&E to help improve their quality of life, the economic vitality of their communities, and the prospect for a better future fueled by clean, safe, reliable and affordable energy.
Pacific Gas and Electric Company is an Affirmative Action and Equal Employment Opportunity employer that actively pursues and hires a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color,national origin, ancestry, sex, age, religion, physical or mental disability status, medical condition, protected veteran status, marital status, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic informationor any other factor that is not related to the job.
The Cybersecurity team enables PG&E to achieve its mission by providing governance, oversight, and support of operational resiliency and asset safeguards in a relevant, timely and data-driven manner. The Cybersecurity team consists of security professionals in their chosen disciplines working together, to review the current cyber threat landscape and lend our expertise to help the company understand its security posture and act on the highest priority risks. The Cybersecurity team takes a proactive approach to security by focusing on the cyber risks PG&E faces. Our methodology and framework synthesize current legal, regulatory, and operating mandates with PG&E’s business goals and operations. By taking this information and focusing on the cyber risks unique to individual Lines of Business (LOB), Cybersecurity helps PG&E’s LOBs make informed decisions about where to invest their resources.
The Identity Access Management (IAM) Principal Engineer is responsible for installation, integration and deployment of IAM solutions within the PG&E Cybersecurity IAM team. The IAM Principal Engineer requires a strong understanding of Identity Access Management (IAM), and Identity Access Governance (IAG) products and implementation methodologies. The IAM Principal Engineer is expected to have strong technical and soft skills, must be a proven self-starter with the ability to problem-solve, communicate, participate in diverse project teams from a technical perspective, interface effectively with our internal Cybersecurity teams and LOB customers, vendor partners, and colleagues.
BA/BS degree in Computer Science, Engineering, Business or related degree or equivalent experience
10 years of IT engineering design and/or technical project implementation, and leadership experience
Experience with multi-tier enterprise technology environments
MA/MS degree preferred
Project Management IT experience
Experience managing senior/expert level IT staff
Expert level understanding, in one or more core business areas of a utility, of how technology plays a key enabler/support role
Expert level understanding and implementation experience, in multiple core business areas of a utility, within process design, information modeling or system architecture
Expert understanding of the operations engineering discipline, processes, concepts and best Practices
Web Access Management: Experience with Single-Sign-On tools similar to SecureAuth, Siiteminder, PingAccess, PingFederate, ForgeRock
Integration experience with SAML, OpenID Connect, Oauth
Expertise in developing integration APIs and web services (RESTful/SOAP)
Integration experience with Multi Factor Authentication
User directories: Understanding of LDAP, Virtual Directory Services, and Active Directory
Privileged Access Management: Understanding of PAM tools
Identity Access Governance: Tools such as Saviynt or Sailpoint, or OIM
Monitoring: Tools such as Splunk, and SEIM platforms
Scripting/automation experience using PowerShell, VBScript, python, or bash
Web application server knowledge (e.g. IIS, WebLogic, or Tomcat)
Understanding of secure software development practices - AppSec
Agile development experience
Understanding of authentication and authorization tools and technologies
Exposure to DevOps, Continuous Integration and Continuous Delivery experience
Design SSO integration patterns and then work with our partners and customers to implement these delivery patterns.
Design, integrate, develop, configure, release, maintain, and support enterprise Identity & Access Management (IAM) solutions & capabilities.
Provide software development & database skills in the delivery of sophisticated identity management solutions (both COTS and custom-built) that enable both employees and external clients to access systems and data while maintaining the principle of least privilege, using a combination of coding, scripting, integration, and platform customization – including system upgrades, installation, and performance tuning.
Partner with Internal Audit and Compliance teams to develop and help to mature IAM security policies, metrics and reporting.
Demonstrate exceptional analytical problem-solving skills including the ability to perform root cause analysis, troubleshooting, and system support.
Provide timely, concise, and situationally appropriate status on deployment and app integration work.
Work on automation and scripting to enable self-service environments and processes where practical.
Author technical documentation, including: infrastructure topology, system design, workflows, data flows/mapping, implementation steps, and user/system support.
Develop and deliver technical training designed to enable and educate the IAM team peers, Cyber consulting teams, support and application teams.