Description
Duties/Responsibilities:
- Support end-to-end identity engineering activities, including architecture input, detailed design, implementation planning, integration, validation, and operational transition.
- Design, implement, integrate, and modernize identity, SSO, PKI, certificate lifecycle, federation, access control, and secrets management capabilities in classified and high-assurance environments.
- Engineer secure authentication and authorization patterns using OIDC, OAuth 2.0, SAML, LDAP/LDAPS, Kerberos, mTLS, RBAC, ABAC, and related identity technologies.
- Implement and support identity platforms and integrations involving Entra ID, Keycloak, Active Directory, certificate authorities, cert-manager, secrets managers, container security platforms such as Aqua Security, and related tools.
- Support certificate issuance, renewal, rotation, revocation, trust store management, mTLS enablement, service identity, and application certificate dependencies.
- Coordinate identity and secrets management dependencies across application, platform, cloud, network, UC, crypto, cybersecurity, and operations teams.
- Develop identity implementation plans, integration diagrams, certificate inventories, secrets management procedures, test procedures, and operational support documentation.
- Support Zero Trust-aligned access controls, least privilege, privileged access dependencies, auditability, and secure service-to-service communication.
- Support RMF, ATO, STIG, vulnerability remediation, control inheritance, and cybersecurity compliance activities for identity and access services.
Required Education, Certification, Skills, Capabilities:
- Demonstrated senior-level experience implementing and supporting enterprise identity, PKI, certificate management, SSO, federation, or secrets management capabilities.
- Hands-on experience with technologies such as Entra ID, Keycloak, Active Directory, LDAP/LDAPS, OIDC, OAuth 2.0, SAML, PKI, certificate authorities, cert-manager, or equivalent identity platforms.
- Strong practical knowledge of certificate lifecycle management, trust chains, mTLS, service identities, access control, token-based authentication, secrets rotation, and identity troubleshooting.
- Experience supporting classified, TS/SCI, multi-enclave, internet-connected, or air-gapped environments.
- Ability to coordinate technical dependencies across cybersecurity, application, platform, network, UC, crypto, cloud, and operations teams.
- Experience supporting RMF processes, ATO documentation, STIG compliance, security controls, or equivalent cybersecurity compliance activities for identity or platform services.
- Ability to produce clear technical documentation, diagrams, implementation guides, test procedures, certificate inventories, and operational support materials.
Desired Education, Certification, Skills, Capabilities:
- Experience with secrets platforms such as HashiCorp Vault, Azure Key Vault, CyberArk, Kubernetes secrets, or equivalent secure secrets management technologies.
- Experience with Aqua Security or equivalent container/cloud-native security tooling, including certificate, secrets, and workload identity integrations.
- Experience with HSMs, private CAs, offline roots, cross-certification, certificate policy, or high-assurance PKI operations.
- Professional certifications such as Security+, CISSP, Microsoft identity credentials, Kubernetes credentials, cloud security credentials, or equivalent technical credentials.
- Experience with Zero Trust architecture, privileged access management, conditional access, device posture, workload identity, and service mesh identity patterns.
- Familiarity with DoD identity, credential, and access management requirements, STIGs, FIPS dependencies, and secure enclave integration.