Access Management Administrator

We have an opening for an Access Management (AM) Administrator to support both PingAM and Active Directory Federated Services (ADFS) access management solutions in a private cloud environment. This role is responsible for maintaining the existing PingAM stack while assisting with the integration and adoption of ADFS as the new solution. Collaboration with cross-functional teams will be essential to implement and support identity and access management solutions contribute to the modernization of infrastructure and address technical challenges as they arise. This position is in the IT Solutions (ITS) Division within the Computing Directorate supporting the NNSA Enterprise Secure Network (ESN) program.

This position may offer a hybrid schedule which includes the flexibility to work from home one or more days per week after a probationary period. The specifics of the hybrid schedule including the exact number of days required in the office and virtual work options may vary based on the needs of the team and the organization.

This position will be filled at either level based on knowledge and related experience as assessed by the hiring team. Additional job responsibilities (outlined below) will be assigned if hired at the higher level.

You will

• Design implement and maintain tailored Access Management solutions using PingAM and ADFS.
• Collaborate with cross-site teams to integrate PingAM and ADFS into diverse systems and applications leveraging expertise in SAML OAuth2 and OIDC.
• Develop and implement strategies for single sign-on (SSO) and access management.
• Ensure high availability and disaster recovery capabilities for PingAM Services
• Leverage orchestration/automation utilities (e.g. Gitlab Amster Ansible etc.) to standardize configurations support patching and support upgrades across multiple sites.
• Provide systems administration support in both Linux and Windows environments ensuring proper security compliance patch level and adherence to our configuration management standards.
• Enforce security and systems administration policy requirements such as vulnerability remediation and system build standards.
• Perform other duties as assigned.

Additional job responsibilities at the SES.2 level 

• Manage multiple advanced parallel tasks and priorities of customers and stakeholders to ensure deadlines are met while leveraging other team members skills.
• Apply technical expertise to solve complex technical problems and develop solutions using judgment in determining methods techniques and evaluation criteria.
• Develop tools and procedures to facilitate automation efforts as well as cross-platform/environment monitoring solutions both on-premise and using various cloud providers.

Qualifications :

• Ability to secure and maintain a U.S. DOE Q-level security clearance which requires U.S. citizenship. 
• Bachelors degree in Computer Science or related field; or the equivalent combination of education and related work experience.
• Fundamental experience in operationally managing application authentication software such as PingAM PingDS or ADFS
• Basic understanding of software security fundamentals such as SSL certificates group-based access control role-based access control firewalls & network security.
• Experience administering Linux and Windows operating systems using command line tools including performing routine system wellness checks accessing remote servers reviewing error logs and basic troubleshooting.
• Fundamental experience with authentication and authorization protocols (SAML2 OIDC OAuth2).
• Strong analytical skills for troubleshooting and analyzing complex systems and networks.
• Excellent verbal and written communication skills necessary to effectively collaborate in a team environment and present and explain technical information.

Additional qualifications at the SES.2 level

• Broad experience in operationally managing application authentication software ensuring compliance with stringent Support Level Agreements that demand high availability.
• Comprehensive knowledge of access management services and Linux or Windows operating systems administration. This includes tasks such as layered product installation and configuration performance tuning networking security policy enforcement troubleshooting monitoring backup/archiving and hardware management.
• Broad experience with cloud providers such as Amazon Web Services Azure or Google Cloud Platform. Proficient understanding of topics such as virtual private clouds scalability high availability containerization and orchestration tools.

Pay Range

Pay Range

$121830 - $185544 Annually

$121830 - $154500 Annually for the SES.1 level

$146340 - $185544 Annually for the SES.2 level

This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting; pay will not be below any applicable local minimum wage.  An employees position within the salary range will be based on several factors including but not limited to specific competencies relevant education qualifications certifications experience skills seniority geographic location performance and business or organizational needs.

Additional Information :

#LI-Hybrid

Position Information

This is a Career Indefinite position open to Lab employees and external candidates.

Why Lawrence Livermore National Laboratory

• Included in 2026 Best Places to Work by Glassdoor!
• Flexible Benefits Package
• 401(k)
• Relocation Assistance
• Education Reimbursement Program
• Flexible schedules (*depending on project needs)
• Our values - visit  Clearance

  This position requires a Department of Energy (DOE) Q-level clearance.  If you are selected we will initiate a Federal background investigation to determine if you meet eligibility requirements for access to classified information or matter. Also all L or Q cleared employees are subject to random drug testing.  Q-level clearance requires U.S. citizenship. 

  Pre-Employment Drug Test

  External applicant(s) selected for this position must pass a post-offer pre-employment drug test. This includes testing for use of marijuana as Federal Law applies to us as a Federal Contractor.

  Wireless and Medical Devices

  Per the Department of Energy (DOE) Lawrence Livermore National Laboratory must meet certain restrictions with the use and/or possession of mobile devices in Limited Areas. Depending on your job duties you may be required to work in a Limited Area where you are not permitted to have a personal and/or laboratory mobile device in your possession.  This includes but not limited to cell phones tablets fitness devices wireless headphones and other Bluetooth/wireless enabled devices.  

  If you use a medical device which pairs with a mobile device you must still follow the rules concerning the mobile device in individual sections within Limited Areas.  Sensitive Compartmented Information Facilities require separate approval. Hearing aids without wireless capabilities or wireless that has been disabled are allowed in Limited Areas Secure Space and Transit/Buffer Space within buildings.

  How to identify fake job advertisements

  Please be aware of recruitment scams where people or entities are misusing the name of Lawrence Livermore National Laboratory (LLNL) to post fake job advertisements. LLNL never extends an offer without a personal interview and will never charge a fee for joining our company. All current job openings are displayed on the Career Page under Find Your Job of our website. If you have encountered a job posting or have been approached with a job offer that you suspect may be fraudulent we strongly recommend you do not respond.

  To learn more about recruitment scams:  Employment Opportunity

  We are an equal opportunity employer that is committed to providing all with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race color religion marital status national origin ancestry sex sexual orientation gender identity disability medical condition pregnancy protected veteran status age citizenship or any other characteristic protected by applicable laws.

  Reasonable Accommodation

  Our goal is to create an accessible and inclusive experience for all candidates applying and interviewing at the Laboratory.  If you need a reasonable accommodation during the application or the recruiting process please use our online form to submit a request. 

  California Privacy Notice

  The California Consumer Privacy Act (CCPA) grants privacy rights to all California residents. The law also entitles job applicants employees and non-employee workers to be notified of what personal information LLNL collects and for what purpose. The Employee Privacy Notice can be accessed here.

  
  

  Remote Work :

  No

  
  

  Employment Type :

  Full-time