Identity and Access Management Architect

Guidehouse
Atlanta, GA
1d · Onsite

About The Position

Identity Architecture & Engineering

  • Architect and deploy enterprise Okta Identity Engine implementations, including SSO, MFA policies, federation, lifecycle management, SCIM provisioning, and Okta Workflows automation.
  • Implement phishing‑resistant MFA using FIDO2/WebAuthn, platform authenticators, roaming security keys, passkeys, and government‑grade credentials per CISA/OMB guidance.
  • Design and integrate IGA + PAM capabilities (SailPoint IIQ/IDN, CyberArk, Delinea/Thycotic, BeyondTrust) to enforce least privilege, JIT access, and robust access governance.

Directory, Data & Zero Trust

  • Implement tools like Okta Universal Directory and Radiant Logic to normalize & virtualize identity data across AD/Entra ID and other authoritative sources.
  • Align IAM solutions to Zero Trust and NIST SP 800‑63‑series standards for authentication, identity assurance, and continuous risk evaluation.

Technical Leadership & Delivery

  • Produce engineering deliverables: architecture diagrams, configuration standards, build/run books, migration plans, and cutover strategies.
  • Mentor engineers and consultants; lead workshops with business & technical stakeholders; support pursuit teams with solutioning and orals.

Requirements

  • Due to the nature of the client engagement, must be a US Citizen
  • High School Diploma AND fourteen-plus (14+) years of relevant paid professional experience; OR Associate’s degree AND twelve-plus (12+) years of relevant paid professional experience; OR Bachelor’s degree AND ten-plus (10+) years of relevant paid professional experience
  • Total paid professional work experience MUST include 8+ years in IAM AND 5+ years engineering and architecting Okta solutions at enterprise scale
  • Deep experience with Okta (OIE policies, FastPass, integration network, federation, logs), authentication standards (SAML, OIDC, OAuth2, SCIM, directory integrations).
  • Hands‑on implementation experience with IAM tools such as SailPoint, CyberArk, Delinea, BeyondTrust, Radiant Logic, and Microsoft Entra ID/AD.
  • Strong engineering skills: APIs/SDKs, Terraform, CI/CD, Python/PowerShell, troubleshooting complex identity and access problems.
  • Ability to travel
  • Ability to work onsite in a Guidehouse Office or Client Office location

Nice To Haves

  • Ability to OBTAIN and MAINTAIN a Federal or DoD Public Trust
  • Preference will be given to candidates within reasonable driving distance of a Guidehouse Office or Client Office location
  • Experience integrating identity signals (Okta, SailPoint, PAM tools, directory telemetry) with Zero Trust analytics platforms and security operations ecosystems, including SIEM (e.g., Splunk, Microsoft Sentinel, Elastic), UEBA/XDR (CrowdStrike Falcon, InsightIDR, Exabeam), and threat intelligence pipelines to enrich detections, correlate anomalous identity behavior, and enable automated response.
  • Vendor certifications including Okta Certified Professional, Okta Certified Administrator, Okta Certified Consultant, Okta Certified Developer, Okta Certified Technical Architect, Okta Workflows, Okta Access Gateway
  • Additional vendor certifications from SailPoint, Microsoft, CyberArk, BeyondTrust, etc.
  • One or more Cybersecurity related certifications such as CISSP, CISM, CISA, Security+, CRISC, OSCP

Responsibilities

  • Architect and deploy enterprise Okta Identity Engine implementations, including SSO, MFA policies, federation, lifecycle management, SCIM provisioning, and Okta Workflows automation.
  • Implement phishing‑resistant MFA using FIDO2/WebAuthn, platform authenticators, roaming security keys, passkeys, and government‑grade credentials per CISA/OMB guidance.
  • Design and integrate IGA + PAM capabilities (SailPoint IIQ/IDN, CyberArk, Delinea/Thycotic, BeyondTrust) to enforce least privilege, JIT access, and robust access governance.
  • Implement tools like Okta Universal Directory and Radiant Logic to normalize & virtualize identity data across AD/Entra ID and other authoritative sources.
  • Align IAM solutions to Zero Trust and NIST SP 800‑63‑series standards for authentication, identity assurance, and continuous risk evaluation.
  • Produce engineering deliverables: architecture diagrams, configuration standards, build/run books, migration plans, and cutover strategies.
  • Mentor engineers and consultants; lead workshops with business & technical stakeholders; support pursuit teams with solutioning and orals.

Benefits

  • Medical, Rx, Dental & Vision Insurance
  • Personal and Family Sick Time & Company Paid Holidays
  • Position may be eligible for a discretionary variable incentive bonus
  • Parental Leave and Adoption Assistance
  • 401(k) Retirement Plan
  • Basic Life & Supplemental Life
  • Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
  • Short-Term & Long-Term Disability
  • Student Loan PayDown
  • Tuition Reimbursement, Personal Development & Learning Opportunities
  • Skills Development & Certifications
  • Employee Referral Program
  • Corporate Sponsored Events & Community Outreach
  • Emergency Back-Up Childcare Program
  • Mobility Stipend