National Marrow Donor Program - NMDP

Title: Senior Systems Engineer Location: United States Department: Data Center Services Job Description: Description POSITION SUMMARY: The Senior Systems Engineer provides senior technical leadership across two core areas: Identity & Access Management (IAM) and IT Productivity & Collaboration services. The position designs, implements, administers, and supports Identity Governance & Administration (IGA) and enterprise identity services (directory services, SSO/federation, MFA/conditional access alignment, and privileged access) using Okta, Active Directory, and Microsoft Entra. As a Senior Systems Engineer you will identity lifecycle processes (joiner/mover/leaver; provisioning and deprovisioning) and implement access models, policies, and governance that strengthen authentication/authorization, enable least-privilege access, and reduce identity-based risk. In addition, the position serves as technical owner for Microsoft 365 (Teams, SharePoint/OneDrive, Exchange Online) and key adjacent SaaS platforms, delivering secure and reliable operations through monitoring, incident/problem management and on-call participation, change/ITSM execution, and continuous improvement. The Senior role leads application onboarding and integrations, supports audits, access reviews, penetration testing and vulnerability remediation with evidence and corrective actions, delivers migrations and modernization efforts, manages vendor/licensing optimization and escalations, and maintains documentation, runbooks, and knowledge transfer to ensure sustainable support and a strong employee experience. Our team has a solid local presence so local, MN based candidates with easy access to our World Headquarters in downtown Minneapolis are preferred. ACCOUNTABILITIES: Engineering solutions, design, and administration: • Design, implement, and maintain IAM/IGA capabilities (directory services, SSO/federation, and privileged access) using Okta, Active Directory, and Microsoft Entra to deliver secure, reliable access. • Lead discovery and solution delivery for IAM initiatives (requirements, design, build, testing, and rollout); evaluate options and recommend best-fit approaches with internal teams and vendors. • Automate identity lifecycle (joiner/mover/leaver; provisioning/deprovisioning) and related administration using scripting and modern tooling to reduce manual effort and risk. • Define and enforce access governance (RBAC/ABAC), policies, workflows, and secure access patterns (SSO/MFA/conditional access alignment and least-privilege role design), including periodic access reviews. • Support security and compliance by remediating identity-related vulnerabilities and supporting audits, penetration tests, and access reviews with evidence, reporting, and corrective actions. • Onboard and integrate applications and platforms (SaaS and Microsoft 365) using standards-based connectors/integrations; partner with application owners to validate requirements, data flows, and security controls. • Own and administer Microsoft 365 and collaboration services (Teams, SharePoint/OneDrive, Exchange Online) and adjacent SaaS tools, including hybrid identity/access integrations and roadmap execution. • Operate and improve services through monitoring, dashboards/alerts, incident and problem management (RCA/post-incident reviews), and on-call participation; troubleshoot authentication/authorization/provisioning issues to restore service. • Plan, test, and deliver changes using NMDP change management and ITSM practices; validate outcomes and transition to steady-state support. • Create and maintain documentation and enablement (standards, runbooks, procedures, and knowledge articles); support tiered support and knowledge transfer with Service Desk/L2. • Support privileged access practices using approved vaulting and secrets management (e.g., Delinea Secret Server) for administrative accounts, service accounts, and automation credentials. • Partner with Procurement/Vendor Management on renewals, licensing optimization, and vendor escalations; identify cost-saving opportunities through usage analysis and right-sizing. • Evaluate and adopt new features and products (including collaboration AI capabilities) via pilots, guardrails, and measured rollouts. • Other duties as assigned. REQUIRED QUALIFICATIONS: Knowledge of: • IAM/IGA concepts and practices, including identity lifecycle (joiner/mover/leaver), provisioning/deprovisioning, and access recertification. • Identity standards and protocols (SAML, OAuth/OIDC, SCIM) and how they are used for SSO/federation and application integrations. • Okta, Active Directory, and Microsoft Entra ID administration and configuration concepts (tenant/directory structure, groups, app assignments, conditional access/access policies). • Privileged access management principles and controls (least privilege, role-based access, privileged roles/accounts, access request/approval workflows). • Security and compliance practices related to identity services, including logging/monitoring, vulnerability remediation, audit evidence collection, and access reviews. • Enterprise IT operations practices (incident/problem management, change control) and creating/supporting technical documentation such as procedures and runbooks. Ability to: • Demonstrate strong interpersonal and organizational skills, demonstrated success in working both independently and in a team environment. • Demonstrate above-average written and oral communication skills. • Demonstrate strong analytical and creative problem solving, and the ability to manage multiple and rapidly changing priorities. • Work effectively both independently and collaboratively across technical and non-technical teams. • Communicate clearly in writing and verbally, including translating technical concepts for varied audiences. • Analyze complex issues, solve problems systematically, and manage multiple priorities in a fast-changing environment. • Hands-on experience with the relevant technologies and solutions for fulfilling the activities in the accountabilities section. Education and/or Experience: • Bachelor’s degree in computer science, Management Information Systems, Computer Science, Information Security or related field (or equivalent related experience and/or education). • Minimum of five or more years of experience in engineering and supporting solutions in a heterogeneous enterprise IT environment. PREFERRED QUALIFICATIONS: (Additional qualifications that may make a person even more effective in the role, but are not required for consideration) • Modern Workplace/Automation: Defines and completes project tasks, including scripting, related to workplace automation, leveraging Intune, SharePoint (including migrations), Viva, PowerApps, Power Automate, Microsoft Power Platform, etc. • Strong experience with Okta tenant configuration and core components (policies, claims, scopes, access policies) beyond day-to-day administration. • Experience partnering with application developers and using Okta APIs to automate integrations and workflows. • Experience with log management and reporting tools (e.g., Varonis, Okta reporting) for monitoring and investigation. #LI-DNI

Platform Engineer - Hybrid, Minneapolis United States (Remote) Job Description POSITION SUMMARY The Platform engineer will perform duties on application and web environments and help with the automation, support, and strategy of NMDP’s emerging cloud and DevOps practices. This position also participates in a 24/7 production support rotation with an emphasis on system reliability and excellent customer service. We have preference for candidates local to the Twin Cities with easy access to meet on site at our World Headquarters in Downtown Minneapolis. ACCOUNTABILITIES NMDP Application, integration, and web server architecture and administration: - Leads life cycle efforts to analyze requirements, design, evaluate, automate, and implement new middleware technologies and services. This includes working closely with IT development teams, users as well as vendors to define, implement, and maintain the best business solution. - Drives operational efficiency by automating manual processes across supported applications. - Architects, installs, configures, monitors and upgrades cloud and on-prem application and web server infrastructure. Provides daily administration duties for the application environments including support for developer tools. - Monitors system performance, usage trends, and upcoming projects to do performance tuning and capacity planning. - Ensure proper security infrastructure and configuration are in place and maintained. COTS (Commercial Off the Shelf) System Administration, support, and troubleshooting: - Administer security and configuration settings within COTS software as appropriate. - Support the installation and configuration of COTS environments and applications. - Design, Coordinate, Perform and implement COTS upgrades and new releases. Support and Troubleshooting: - Troubleshoots and provides service for support requests, incidents, and problems. - Works with team members to improve overall support initiatives. - Provides 24x7 on-call support for supported system problems. - Other duties as assigned. REQUIRED QUALIFICATIONS Knowledge of: - Experience with Kubernetes. - Experience working with cloud integration platforms – API Gateway, SQS and Amazon MQ. - Experience with observability platforms such as Dynatrace, CloudWatch, Datadog and Splunk. - Experience with enhanced monitoring capabilities such as open telemetry, distributed tracing, and log monitoring. - Experience designing, implementing, or operating AI agents or agent-based automation solutions in production environments. - Supporting and configuring Windows, Unix/Linux, and Java. - Familiar with cloud and on-prem Database platforms such as PostgreSQL, RDS, Oracle or MS SQL. - Familiarity and experience working with CI/CD pipelines. - Scripting technologies - PowerShell, Ansible, Git and Puppet. - Experience with APM or Infrastructure monitoring platforms. - Experience in middleware integration technologies - IIS, Tomcat, WebLogic, WebSphere, IBM MQ, WSO2 or MuleSoft. - Knowledge of authentication and authorization protocols (OAuth, JWT). - Understanding of Databases, network, storage, virtual environments, and containerized applications. Ability to: - Excellent written and verbal communication skills. - Deliver automation solutions and infrastructure as code. - Strong interpersonal and organizational skills. Experience evaluating, installing, and supporting development environments and tools. - Demonstrate success in working both independently and in a team environment. - Demonstrate strong analytical and creative problem solving. Education and/or Experience: - Bachelor’s degree in computer science, Management Information Systems, or related field. Equivalent related experience and/or education may be substituted for degree requirement. - Two or more years' work experience in a position with general Platform system administration and/or COTS administration and support. #LI-DNI Benefits and Compensation NMDP offers regular, full-time employees medical, dental, vision, life and disability, accident/critical illness/hospital, well-being, legal, identity theft and pet benefits. Retirement, paid time off/holidays, leave and incentive plans are also offered to eligible employees. Please reference this link for more information: NMDP Benefit Information Job Info - Job Identification1911 - Job CategoryInformation Technology - Apply Before06/19/2026, 01:00 AM - Job ScheduleFull time - Driver PolicyNo - Professional LicensureNo - Salary Range Minimum$90,000 - Salary Range Maximum$115,000 - Average Number of Hours Worked per Week40 - Domestic Travel RequiredNo All qualified applicants will receive consideration for employment without regard to, among other grounds, race, color, religion, sex, national origin, sexual orientation, age, gender identity, protected veteran status or status as an individual with a disability.