ClouId Identity & Access Management - SOCEUR

CACI International
$105,100 - $231,100Hybrid

About The Position

As a CACI Cloud Identity & Access Management (IAM) Engineer, you will architect, build, and maintain the highly available authorization infrastructure for the Special Operations Command Europe (SOCEUR) Hybrid Threat Action Platform (HTAP) ecosystem on Google Cloud Platform (GCP). This role sits inside the HTAP program team and is responsible for designing the core identity federation, access policies, and security boundaries that protect mission-critical data. You will architect distributed authorization systems, broker identities between unclassified and classified environments, and implement a zero-trust security model. You will interact regularly with cybersecurity architects, application developers, and platform engineers to ensure secure, auditable, and least-privilege access across all systems.

Requirements

  • Must be a US Citizen possessing an active TS/SCI security clearance.
  • Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent practical experience).
  • 5+ years of experience in backend software engineering or security engineering, with at least 3+ years specifically focused on designing and implementing Identity and Access Management (IAM) systems on a major cloud platform (GCP preferred).
  • Deep expertise in identity federation protocols (SAML, OAuth, OIDC) and experience integrating with identity providers (e.g., Keycloak, Azure AD, Okta).
  • Hands-on experience with Google Cloud IAM, Google Cloud Identity, and Google Workspace, including service accounts, workload identity, and organization policies.
  • Experience with Infrastructure as Code (IaC), specifically using Terraform to manage IAM resources.
  • Strong proficiency in a language like Python, Go, or C++ for building scalable backend systems.
  • Experience with Public Key Infrastructure (PKI) and integrating smart card authentication (CAC/PIV).
  • Google Cloud Professional Cloud Security Engineer certification.
  • One of the following advanced security or identity certifications: CISSP, CCSP, or Certified Identity and Access Manager (CIAM).

Nice To Haves

  • Google Workspace Professional Collaboration Engineer certification.
  • Experience using AI-assisted tools for secure software development and debugging.
  • Experience working in a high-availability, low-latency distributed services environment.

Responsibilities

  • Architect and scale large-scale, distributed cloud-native authorization services on GCP to support massive query loads and enforce granular access control.
  • Lead the design and implementation of identity federation between on-premises/external identity providers and Google Cloud Identity, using protocols like SAML and OIDC.
  • Integrate and manage identity platforms such as Keycloak with Google Workspace to implement strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA), including CAC/PIV integration.
  • Design, manage, and audit IAM policies, roles, and bindings as code using Terraform to ensure an automated, repeatable, and secure identity lifecycle.
  • Engineer and enforce access control strategies for multi-level security environments, managing identity and access across different security domains (e.g., Unclassified to Secret).
  • Develop and implement context-aware access policies and zero-trust principles to protect sensitive data and APIs.
  • Conduct regular security assessments and audits of IAM policies, access permissions, and service account usage to identify and remediate risks.
  • Collaborate with the security operations team to provide IAM-specific context during incident response and threat analysis.

Benefits

  • flexible time off
  • robust learning resources
  • comprehensive benefits
  • healthcare
  • wellness
  • financial
  • retirement
  • family support
  • continuing education
  • time off benefits
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service