Senior Security Development Engineer

A global higher education leader in innovative teaching, research and public service, the University of North Carolina at Chapel Hill consistently ranks as one of the nation's top public universities. Known for its beautiful campus, world-class medical care, commitment to the arts and top athletic programs, Carolina is an ideal place to teach, work and learn.

One of the best college towns and best places to live in the United States, Chapel Hill has diverse social, cultural, recreation and professional opportunities that span the campus and community.

University employees can choose from a wide range of professional training opportunities for career growth, skill development and lifelong learning and enjoy exclusive perks for numerous retail, restaurant and performing arts discounts, savings on local child care centers and special rates on select campus events. UNC-Chapel Hill offers full-time employees a comprehensive benefits package, paid leave, and a variety of health, life and retirement plans and additional programs that support a healthy work/life balance.

The Information Security & Identity Management division manages the University's Information Security Office and Identity Management. The Security Office is responsible for coordinating and ensuring that information security across the University is consistent with industry best practices and the University's compliance obligations. Identity Management (IdM) identifies individuals within an enterprise or group and defines and controls the access they have to information and resources within a computer network based on their roles and circumstances.

This position is a 100% remote work arrangement, consistent with System Office policy. UNC Chapel Hill employees are generally required to reside in North Carolina, within a reasonable commuting distance of their assigned duty station.

The Information Security Office coordinates the institution's response to cyber risk, operates critical organization-wide security controls, and reports on the state of the security program to University leadership and the Board of Trustees. The UNC-CH security program ensures the institution meets relevant cybersecurity legal, statutory, regulatory, and compliance obligations across all aspects of the University mission. Identity and Access Management ( IAM) is a part of the UNC-CH information security office.

Identity is the primary 'battleground' of cybersecurity worldwide. Reporting to the IAM Manager, the Senior Software Development Engineer is a core member of the team responsible for delivering the University's written five-year information security strategy. That strategy addresses a specific set of governance, policy, business process, technology, and change management failures that collectively define the University's current identity risk exposure. The central initiative within that strategy is the Authentication Modernization Initiative ( AMI): a top-down redesign of how the University manages credentials, enforces phishing-resistant authentication, and governs identity lifecycle across a highly distributed environment. This role carries two concurrent responsibilities: active participation in the design and implementation of AMI, and ownership and operation of the existing production identity environment throughout the transition. Both require a high level of independent judgment. This role collaborates directly with the IAM Architect and IAM Business Analyst to design, implement, and operationalize solutions, and with the Senior Operations Engineer to ensure the new environment is built on reliable, scalable operational practices.

Success in this role requires more than technical depth. The person in this role must be driven first by the security mission: identifying what the institution needs and delivering it, even when objectives are ambiguous or obstacles intervene. They must exercise sound independent judgment on system design and process, with an orientation toward simplicity and scalability rather than complexity. They must earn and sustain trust across a wide range of partners - technical and non-technical, within ISO and across the University - through honest, reliable, and accountable behavior. And they must demonstrate a bias for action: the ability to distinguish decisions that warrant careful analysis from those that warrant speed, and to act accordingly. The University is not looking for a person who maintains what exists. It is looking for a person who sees where identity security must go and helps drive the program there.

Master's and 1-2 years' experience; or Bachelors and 2-4 years' experience; or will accept a combination of related education and experience in substitution.

Substantial experience in identity and access management, including directory services, federation protocols, and authentication systems. Familiarity with technologies such as Kerberos, LDAP, Active Directory, Entra ID, SAML, or equivalent is expected. Experience with single sign-on platforms and multi-factor authentication is required.

Experience designing and implementing complex, production-grade systems in environments where failures have institution-wide consequences. The candidate must demonstrate a track record of sound independent judgment on architecture and operational design, not just implementation of designs provided by others.

Experience with modern software development practices including configuration management, peer review, and CI/CD pipelines. Proficiency in at least one structured programming language and experience with integration technologies such as REST, SOAP, SQL, or equivalent.

Demonstrated ownership orientation: a track record of identifying what an organization needs, taking responsibility for delivering it, and sustaining that delivery through obstacles and competing priorities without requiring close direction.

Demonstrated ability to earn and sustain trust across a wide range of partners, including non-technical stakeholders, by communicating with clarity and honesty about progress, risk, and problems - including when the news is unwelcome.

Demonstrated bias for action: the ability to distinguish decisions that require careful deliberation from those that require speed, and to act decisively in both cases.

Experience with Internet2 Trusted Access Platform solutions, including Shibboleth, COmanage, or equivalent federation and collaboration tools.

Experience contributing to or maintaining open-source projects relevant to identity and access management.

Experience operating in large, decentralized organizations where security standards must be enforced across distributed technology environments without centralized control of infrastructure.

Experience working in hybrid environments spanning Linux and Windows, including both native and containerized workloads (Docker, Kubernetes, or equivalent).

Experience in a regulated environment requiring compliance with federal security standards such as NIST 800-63, HIPAA, or CMMC.

The University is an equal opportunity employer and welcomes all to apply without regard to age, color, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, or sexual orientation. We encourage all qualified applicants to apply, including protected veterans and individuals with disabilities.