AWS Cloud Security and ICAM Specialist

About The Position

Requirements

• Bachelor’s Degree in Cybersecurity, Information Systems, or related discipline required; Master's Degree preferred
• 10+ years of experience in identity and access management, including 8+ years in cloud-based federal environments required; 12+ years of experience in information systems preferred
• Hands-on experience with Key Cloak and AWS IAM Identity Center for SSO and MFA implementations. (IBM Verify a plus)
• Strong knowledge of identity federation protocols (SAML, OAuth2.0, OIDC, SCIM) and modern authentication flows
• Expertise with RBAC/ABAC frameworks, policy-based access control, and least-privilege enforcement
• Familiarity with NIST 800-63, FISMA, FedRAMP, and ZTA standards and compliance frameworks
• Experience implementing ICAM solutions in Agile and DevSecOps environments
• Working knowledge of PKI, digital certificates, and encryption technologies
• Strong analytical and troubleshooting skills with ability to resolve identity integration issues
• Experience with AWS Container Security and Network Security (preferred, not required)
• Expert in designing logging and monitoring system by correlating events from several AWS and ICAM system
• Experience supporting federal digital modernization or judiciary IT programs.
• Familiarity with Zero Trust Architecture and micro segmentation principles
• Exposure to API gateway authentication (Kong, Apigee, AWS API Gateway).
• Experience integrating identity governance tools (SailPoint, Saviynt).
• Excellent presentation and communication skills
• Consultant mindset with the ability to work with high level customer stakeholders and build excellent customer relationship
• Experience identifying and applying industry tools, solutions, methods best practices, and emerging technologies
• Strong analytical skills and problem-solving skills with the ability to formulate and communicate recommendations for improvement
• Demonstrated ability to work effectively, independently, and as part of a team
• Certified Information Systems Security Professional (CISSP) - preferred
• AWS Certified Security – Specialty or Azure Identity & Access Administrator – preferred
• Certified Identity and Access Manager (CIAM) or Certified Identity Professional (CIP) – beneficial
• SAFe Practitioner (SPC/SSM) – a plus
• Ability to pass a background check to obtain and maintain a position of Public Trust with the Administrative Office of the US Courts.
• Must be a US Person (Green Card Holder, US Permanent Resident Alien, Refugee, Asylee, US Citizen).

Nice To Haves

• Master's Degree
• IBM Verify a plus
• Experience with AWS Container Security and Network Security
• Certified Information Systems Security Professional (CISSP)
• AWS Certified Security – Specialty or Azure Identity & Access Administrator
• Certified Identity and Access Manager (CIAM) or Certified Identity Professional (CIP)
• SAFe Practitioner (SPC/SSM)

Responsibilities

• Design and maintain the ICAM architecture for identity, access, and authentication management across AWS-hosted CMM applications and other legacy ICAM
• Implement federated identity and single sign-on (SSO) solutions using modern protocols (SAML, OAuth2.0, OIDC)
• Collaborate with Cloud and Security Architects to enforce Zero Trust Architecture (ZTA) across microservices and APIs
• Configure and maintain directory services and identity providers (e.g., AWS Cognito, AWS IAM Identity Center, Azure AD, IBM Verify , Key Cloak)
• Deep experience integrating KeyCloak as a broker IdP federating upstream enterprise IdPs while issuing downstream OIDC token to application
• Design ICAM brokerage solutions and support compliance assessments, ensuring adherence to FISMA, NIST 800-63, and FedRAMP security controls
• Develop and document identity lifecycle management processes—provisioning, deprovisioning, and access reviews
• Design and implement least privileged roles, groups, functionalities based on ZTA for both privileged and non-privileged users for a FedRAMP High system
• Experience defining workflow, rules, policies within ICAM tools particularly IBM Verify and Key Cloak
• Conduct access audits, user entitlement reviews, and anomaly detection to ensure least-privilege compliance
• Provide subject matter expertise in identity federation, PKI, certificate management, and secure API authorization
• Design strategies for logging, monitoring and auditing authentication and authorization related events in combination with other AWS event logs
• Design and implement storage level, microservice level Authentication and Authorization
• Support ATO process by providing solutions to all security controls, document implementation plan, maintain Visio diagrams
• Participate in design sessions and work closely with the security lead
• Collaborate with DevSecOps teams to embed ICAM policies within CI/CD pipelines and Infrastructure-as-Code (IaC) templates
• Direct and lead Pen testing, Review architecture diagrams produced by different teams
• Independently lead design and implement of vulnerability management
• Heavily participate in ATO activity
• Lead and direct engineering team

Benefits

• Variety of medical plan options, some with Health Savings Accounts
• Dental plan options
• Vision plan
• 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match
• Full flex work weeks where possible
• Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
• 15 days of paid leave per calendar year to be used for vacations, personal business, and illness
• 10 paid holidays per year
• Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance