Identity Management Analyst (Analyst/Programmer - Expert) - Information Technology Services (506297)

  • Cal State University (CSU) San Francisco
  • San Francisco, California
  • Dec 01, 2022
Full Time Administrative Analysis and Research Information Technology and Communication Services

Job Description


Working Title

Identity Management Specialist

SF State University

San Francisco State is an Equal Opportunity Employer and does not discriminate against persons on the basis of race, religion, color, ancestry, age, disability, genetic information, gender, gender identity, gender expression, marital status, medical condition, National origin, sex, sexual orientation, covered veteran status, or any other protected status. Reasonable accommodations will be provided for qualified applicants with disabilities who self-disclose by contacting the Senior Human Resources Manager.

Applicants may visit for more information on SF State's policy prohibiting discrimination, and how to file an online report using the procedures under Executive Order 1096 Revised. Inquiries can be directed to the campus Title IX Coordinator and Discrimination, Harassment, and Retaliation Administrator by calling (415) 338-2032 or emailing

San Francisco State is a 100% Smoke/Vapor-Free Campus. Smoking or Vaping of any tobacco/plant-based substance is not permitted on any University properties.

The person holding this position may be considered a "mandated reporter" under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment.

This position may be a "designated position" in the California State University's Conflict of Interest Code. The successful candidate accepting this position may be required to file Conflict of Interest forms subject to the regulations of the Fair Political Practices Commission.


Information Technology Services

Appointment Type

This is a one-year probationary position.

Time Base

Full-Time (1.0)

Work Schedule

Monday through Friday; from 8:00am to 5:00pm

Anticipated Hiring Range

$7,916.00 - $9,584.00 Per Month ($94,992.00 - $115,008.00 Annually)

Salary is commensurate with experience.

Position Summary

The incumbent, reporting to the Director of Systems Services, and working under the direction s and in close collaboration with the Identity Management Lead, as well as following guidance of SF State Information Security, serves as a expert-level Analyst in the Accounts team. The incumbent is handling day-to-day operational tasks; such as: access provisioning and de-provisioning, access management business analysis, and maintaining compliance for centralized identity and access management functions. Additionally, the incumbent participates in design and implementation of new and improved processes, as well as tools and technologies that add automation, improve efficiency, enhance user experience. The incumbent participates in required access management audits, and ensures compliance with security policies and practice directives for various SF State assets and their related access requirements. Because this position requires a high-level of privileged access, the incumbent must possess a high-level of accountability.

Position Information

Accounts operations for users provisioning and access management in PeopleSoft, Active directory, middleware, and other services
  • Manage user accounts and directory information requests for additions, changes/corrections and removals
  • Manage password resets, user locks/unlocks, and administer multi-factor authentication technologies
  • Process and troubleshoot user access requests including capturing necessary authorizations and approvals
  • Manage user request for accounts setup and roles provisioning, de-provisioning in Campus Solutions, CFS
  • Perform accounts and access revokation when users’ roles change or the user is no longer affiliated with the organization
  • Manage Active Directory groups and user attributes as necessary to control user access
  • Manage access control groups, object level access, and necessary approvals for transactions
  • Maintain audit trail records for changes
  • Manage access approvals and records through the Service Management Tool such as ServiceNow
  • Manage the service request workflow for the request routing to the appropriate teams
  • Effectively communicate with customers and peers
  • Maintain compliance with CSU and SF State security policies and practice directives
  • Maintain the concept of least privilege and escalate discrepancies for proper resolution

Processes development, improvement, and automation
  • Gather necessary business requirements for accounts creation and access provisioning processes
  • Document processes and workflows with visual representation
  • Continually review existing processes for gaps and areas for improvement
  • Develop automation for repetitive and time sensitive processes, and to eliminate human error factor
  • Design, implement and maintain programmatic integrations for user provisioning and access management
  • Design, implement and maintain tools for user self-service
  • Develop automated processes for access revocation and access reporting
  • Participate in Identity and Access Management related projects

Other duties as Assigned.

Minimum Qualifications

To enter this classification, a basic foundation of knowledge and skills in operating systems programs, maintenance and systems administration features is a prerequisite. This foundation would normally be obtained through a bachelor’s degree, preferably in computer science, mathematics, or related technical fields, or equivalent technical training and/or experience. Foundation knowledge and skills for the Operating Systems Analyst include a working knowledge of the assigned computer operating systems, systems analysis, and systems-level programming.

Incumbents at the expert level work almost completely independently on the most complex problems and work assignments. They possess an advanced and comprehensive knowledge of the technical specialty and working knowledge of related specialties and are able to apply this extensive expertise as a generalist or specialist. Experts are proactive and understand problems from broad, interactive perspective and are able to develop solutions that combine information and ideas in new, unprecedented ways. Incumbents at this level are capable of leading teams and implementation efforts for assigned projects using advanced communication and listening skills

Preferred Qualifications

  • Education: Bachelor’s degree in Computer Science, Engineering or related technical field.

Work Experience:
  • Minimum of three years of operational experience with Enterprise level Identity and Access Management in production environment
  • Minimum of three years of experience in design, implementation, automation and ongoing support of the processes and tools for user accounts provisioning and administration, and Access Management
  • Experience supporting Federated SSO (Single Sign On) such as Shibboleth, Okta, ADFS, or others
  • Experience working in a trusted role, with a focus on confidentiality

Technical skills and expertise:
  • Solid understanding of the core of the Identity and Access Management principles and concepts, such as, but not limited to:
    • Authentication and Authorization, including multi-factor
    • User Lifecyle Management
    • Best practices such as Principle of Least Privilege .
    • Mandatory, Discretionary and Role-Based access models, and ability to apply them in practice
  • Solid coding skill in Java programming language
  • Proficiency in at least one common scripting language - Python, PowerShell, or other
  • Proficiency in SQL (Oracle Preferred)
  • Solid knowledge of Active Directory and/or LDAP accounts and group management for the purpose of access controls
  • Knowledge of PeopleSoft (or comparable ERP) system for accounts provisioning, de-provisioning and role/access management
  • Desire and ability to automate repetitive processes in a scalable and sustainable way

Soft skills:
  • Passion to understand, learn, and dissect new technologies quickly on your own .
  • Strong analytical and problem-solving skills
  • Demonstrated ability to analyze and resolve multi-faceted technology problems
  • Excellent interpersonal and customer communication skills
  • Ability to effectively work in a team and independently
  • Ability to work under pressure and maintain positive demeanor

Preferred certifications and specialized technical experience:
  • Certified Identity and Access Manager (CIAM)
  • Familiarity with Change Management and ITIL
  • Experience with Oracle Identity Manager
  • Possession of a professional security certification, such as: CISSP, GIAC-GISP
  • DevOps experience


Some work outside of business hours would be required to provide systems maintenance. The incumbent will be required to be available by cell phone and may be called after work hours to response to critical service outages.

Pre-Employment Requirements

This position requires the successful completion of a background check.

Eligibility to Work

Applicants must be able to provide proof of US Citizenship or authorization to work in the United States, within three business days from their date of hire.


Threaded through our Total Compensation package is a commitment to Bridging Life's Transitions. SF State is committed to providing our employees with a comprehensive program that rewards efforts that are appreciated by your colleagues, students and the customers we serve.

We offer a competitive compensation package that includes Medical, Dental, Vision, Pension, 401k, Healthcare Savings Account, Life Insurance, Disability Insurance, Vacation and Sick Leave as well as State Holidays and a dynamic Fee Waiver program, all geared towards the University's commitment to attract, motivate and retain our employee.

Employment Requirement

CSU requires faculty, staff, and students who are accessing campus facilities to be immunized against COVID-19 or declare a medical or religious exemption from doing so. Any candidates advanced in a currently open search process should be prepared to comply with this requirement. The systemwide policy can be found at and questions may be sent to .

CSUEU Position

Eligible and qualified on-campus applicants, currently in bargaining units 2, 5, 7, and 9 are given hiring preference.

Additional Information


The Human Resources office is open Mondays through Fridays from 8 a.m. to 5 p.m., and can be reached at (415) 338-1872.

Please note that this position, position requirements, application deadline and/or any other component of this position is subject to change or cancellation at any time.
Closing Date/Time: Open until filled

Job Address

San Francisco, California 94132 United States View Map