Responsibilities:
The candidate shall provide support for the ICAM Unit that includes, but is not limited to, the following tasks:
- Lead the development of an ICAM strategy.
- Provide research support for—and lead modernization efforts in the areas of—identity governance and access, identity and access management, and privileged access management.
- Apply knowledge of OMB M-22-09, HSPD-12, NIST guidelines, and other relevant mandates to ensure that solutions meet all applicable standards.
- Provide technical expertise related to identity, authentication, authorization, credentialing, device signals, analytics, and identity management solutions establishing a master user record (MUR) in support of the complete user identity lifecycle.
- Plan, design, test, and implement phishing-resistant multifactor authentication methods for enterprise platforms on the cloud, as well as for those hosted on-premises.
- Implement enterprise-wide identity providers (IdPs) supporting multifactor authentication (MFA) solutions.
- Implement device-level signals alongside identity information about authenticated users.
- Incorporate identity governance solutions with enterprise data governance solutions that properly define roles, attributes, and tagging features.
Requirements:
- At least 5 years of experience performing the functions associated with this labor category.
- Strong information security engineering skills and operational experience, including, but not limited to, identity and access management, network security, endpoint security, cloud security, mobility, API and application services, IoT, and end user computing.
- Knowledge of enterprise architecture frameworks, including enterprise ICAM services.
- Understanding of the current identity and access management marketplace as it applies to the federal sector.
- Experience creating and implementing ICAM strategies, to-be architectures, concepts of operations, and transformation roadmaps, to include hybrid architectures with both on-premises and cloud technologies (specifically Amazon Web Services and Microsoft Azure).
- Experience assessing existing ICAM solutions, capturing technical requirements, and making recommendations on best practices or enterprise-wide architecture improvements.
- Experience creating and developing cost models, technical delivery plans, technical solutions, bases of estimate (BOEs), and bills of materials (BOMs).
- Experience developing and implementing policies, governance, and best practices related to cloud identities, with a focus on both security and user experience.
- Experience with scenario-based and functional security testing (both authenticated and unauthenticated).
- Experience creating and presenting stakeholder-specific reports and presentations for both technical and executive audiences.
- Experience designing, deploying, and supporting enterprise ICAM architectures for the federal government that meet zero-trust mandates.
- Experience planning, designing, and implementing multifactor authentication methods (e.g., FIDO2, Windows Hello for Business, Azure Authenticator, and Okta) for both enterprise platforms on the cloud and on-premises custom applications.
- Experience planning, deploying, and operating identity governance and administration solutions that provide master user records, privileged access management (PAM), access management, unifying validations, identity analytics, and integrations with enterprise applications.
- Familiarity with identity strategies that meet OMB M-22-09 requirements.
- Knowledge of policies and best practices for cloud group and identity management within Azure AD, Okta, and AWS, including integrations for containers, applications, and enterprise products.
Job Type: Full-time
Pay: $140,000.00 - $145,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Health insurance
- Life insurance
- Paid time off
- Professional development assistance
- Referral program
- Tuition reimbursement
- Vision insurance
Schedule:
- 8 hour shift
- Monday to Friday
Ability to Commute:
- Washington, DC 20006 (Required)
Work Location: Hybrid remote in Washington, DC 20006