Identity Engineer (Directory Services & Automation)

About The Position

Requirements

• Master’s degree in Information Technology, Cybersecurity, Computer Science, Data Science, Engineering, Mathematics, or a closely related discipline or equivalent practical experience (as permitted by the contract).
• Minimum 6 years of relevant experience supporting enterprise IT environments, with demonstrated work aligned to Identity Engineering Services.
• Must be able to obtain and maintain Public Trust suitability and all required system access (e.g., CAC-enabled accounts) to perform duties.
• This position is aligned to applicable DoD Manual 8140.03 work role 632 (NIST: SP-SYS-002); contractor personnel must meet DoD 8570.01-M baseline certification requirements and transition to DoD Manual 8140.03 work role requirements, including required training, knowledge, skills, abilities, and tasks, within Government-directed timelines.
• At least one: FITSP-D, GCSA, GISF, or SSCP.
• Alternate/equivalent certifications may be accepted with Government approval.

Nice To Haves

• Microsoft Certified: Cyber Security Architect Expert or Microsoft Certified: Azure Solutions Architect Expert.

Responsibilities

• Create standardized, forward-looking, and compliant designs and solutions for directory services, identity, credentialing, access management engineering activities, including Cryptographic Key Management, Privileged Identity Management, Privileged Access Management, Identity Automation, Attribute Aggregation, PKI, and PKE.
• Engineer, design, update, and maintain the mJAD (medical Joint Active Directory) Technical Requirements and Architecture & Design documentation, ensuring alignment with DHA member server baselines, DISA STIGs, and industry best practices.
• Engineer and deliver current and future Microsoft Server Operating System Active Directory Services, Active Directory Lightweight Directory Services, Active Directory–integrated secure DNS roles across the medical enterprise.
• Maintain and update directory services engineering packages and associated risk assessments, and engineer, support, and integrate ADDS, ADLDS on current and future Microsoft Server operating systems in coordination with other enterprise teams and programs.
• Engineer identity solutions enabling MHS (Military Health System) administrators to manage persons, non-person entities, groups, and authorized assets, control access to resources by associating user rights and restrictions with authenticated identities.
• Engineer identity management functionality including policy definition, reporting, alerts, alarms in line with management and operational requirements and DoD Enterprise ICAM Reference Design guidance.
• Provide system requirements for MHS directory services to ensure identity and directory solutions comply with technical architecture authorization standards and DoDI 8520.03.