ICAM Authentication & Federation Engineer - Edge Services

About The Position

Requirements

• Bachelor’s Degree. An additional 4 years of experience mat be substituted in lieu of degree.
• Minimum of an active Secret security clearance.
• 8570/8140 IAT Level II certification (Security+ CE or higher).
• 10+ years’ experience supporting Identity and Access Management (IAM), Authentication, Federation, or ICAM solutions within government or regulated environments.
• Strong experience with PingFederate or equivalent federation technologies.
• Experience implementing and supporting enterprise Identity Provider (IdP) and federation services.
• Strong understanding of authentication, authorization, federation, and identity assurance concepts.
• Experience implementing and troubleshooting SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), WS-Federation, and JWT technologies.
• Experience supporting PKI, certificate-based authentication, smart card authentication, and MFA solutions.
• Experience integrating applications, APIs, and enterprise services with federation platforms.
• Experience with Active Directory, LDAP directories, and enterprise identity repositories.
• Experience configuring claims, attribute mappings, policy enforcement, token transformations, and federation workflows.
• Experience supporting Linux and/or Windows Server environments.
• Experience deploying and supporting enterprise COTS products in secure customer environments.
• Experience working in Agile development environments and utilizing associated tools.

Nice To Haves

• Experience with PingFederate clustering, high availability, and large-scale federation deployments.
• Experience with PingAccess, PingDirectory, PingOne, Okta, Entra ID, ADFS, Keycloak, or similar authentication platforms.
• Experience supporting DoW Enterprise ICAM, Federation Hub, or mission partner federation initiatives.
• Experience implementing federation solutions for coalition, partner, or cross-organizational environments.
• Experience supporting NIST 800-63 Identity Assurance Levels (IAL), Authenticator Assurance Levels (AAL), and Federation Assurance Levels (FAL).
• Experience with phishing-resistant authentication technologies and passwordless authentication solutions.
• Experience supporting disconnected, intermittent, low-bandwidth (DDIL) operational environments.
• Experience implementing federation solutions supporting tactical, expeditionary, or edge-computing use cases.
• Experience supporting Zero Trust Architecture and identity-centric security initiatives.
• Experience with container technologies such as Docker and Kubernetes.
• Familiarity with DoW PKI, CAC authentication, derived credentials, and certificate lifecycle management.
• Experience supporting FVEY, NATO, coalition, or mission partner federation architectures.

Responsibilities

• Design, develop, configure, and maintain enterprise authentication and federation services supporting both enterprise and edge ICAM architectures.
• Support PingFederate and related identity platforms used to provide authentication, federation, single sign-on (SSO), and trust management services.
• Engineer federation solutions that extend secure identity services to mission partners, coalition organizations, tactical users, and edge computing environments.
• Configure and maintain trust relationships with internal and external Identity Providers (IdPs), Service Providers (SPs), and federation partners.
• Develop and maintain integrations utilizing SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), WS-Federation, and PKI-based authentication technologies.
• Support onboarding and integration of applications, mission partners, and external organizations into enterprise federation ecosystems.
• Design and implement authentication flows, token services, claims transformation, attribute mapping, and policy enforcement mechanisms.
• Support MFA, phishing-resistant authentication, certificate-based authentication, and emerging identity assurance capabilities.
• Collaborate with cybersecurity, cloud, infrastructure, and application teams to implement secure authentication and federation solutions.
• Support implementation of Zero Trust Architecture through modern authentication, federation, and identity assurance services.
• Troubleshoot and resolve complex issues involving authentication, federation, trust relationships, certificates, tokens, and identity assertions.
• Support deployment and sustainment of identity services operating in disconnected, intermittent, low-bandwidth (DDIL), and edge environments.
• Develop technical documentation including architecture diagrams, integration guides, SOPs, TTPs, and onboarding documentation.
• Participate in Agile development activities and support continuous improvement initiatives.
• Actively manage technical risks and contribute to mission readiness objectives.

Benefits

• Comprehensive benefits and wellness packages
• 401K with company match
• Competitive pay
• Paid time off
• Full flex work weeks where possible
• Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance