Identity, PKI & Access Engineer

About The Position

Requirements

• Demonstrated senior-level experience implementing and supporting enterprise identity, PKI, certificate management, SSO, federation, or secrets management capabilities.
• Hands-on experience with technologies such as Entra ID, Keycloak, Active Directory, LDAP/LDAPS, OIDC, OAuth 2.0, SAML, PKI, certificate authorities, cert-manager, or equivalent identity platforms.
• Strong practical knowledge of certificate lifecycle management, trust chains, mTLS, service identities, access control, token-based authentication, secrets rotation, and identity troubleshooting.
• Experience supporting classified, TS/SCI, multi-enclave, internet-connected, or air-gapped environments.
• Ability to coordinate technical dependencies across cybersecurity, application, platform, network, UC, crypto, cloud, and operations teams.
• Experience supporting RMF processes, ATO documentation, STIG compliance, security controls, or equivalent cybersecurity compliance activities for identity or platform services.
• Ability to produce clear technical documentation, diagrams, implementation guides, test procedures, certificate inventories, and operational support materials.
• Active Top Secret/SCI clearance is required.

Nice To Haves

• Experience with secrets platforms such as HashiCorp Vault, Azure Key Vault, CyberArk, Kubernetes secrets, or equivalent secure secrets management technologies.
• Experience with Aqua Security or equivalent container/cloud-native security tooling, including certificate, secrets, and workload identity integrations.
• Experience with HSMs, private CAs, offline roots, cross-certification, certificate policy, or high-assurance PKI operations.
• Professional certifications such as Security+, CISSP, Microsoft identity credentials, Kubernetes credentials, cloud security credentials, or equivalent technical credentials.
• Experience with Zero Trust architecture, privileged access management, conditional access, device posture, workload identity, and service mesh identity patterns.
• Familiarity with DoD identity, credential, and access management requirements, STIGs, FIPS dependencies, and secure enclave integration.

Responsibilities

• Support end-to-end identity engineering activities, including architecture input, detailed design, implementation planning, integration, validation, and operational transition.
• Design, implement, integrate, and modernize identity, SSO, PKI, certificate lifecycle, federation, access control, and secrets management capabilities in classified and high-assurance environments.
• Engineer secure authentication and authorization patterns using OIDC, OAuth 2.0, SAML, LDAP/LDAPS, Kerberos, mTLS, RBAC, ABAC, and related identity technologies.
• Implement and support identity platforms and integrations involving Entra ID, Keycloak, Active Directory, certificate authorities, cert-manager, secrets managers, container security platforms such as Aqua Security, and related tools.
• Support certificate issuance, renewal, rotation, revocation, trust store management, mTLS enablement, service identity, and application certificate dependencies.
• Coordinate identity and secrets management dependencies across application, platform, cloud, network, UC, crypto, cybersecurity, and operations teams.
• Develop identity implementation plans, integration diagrams, certificate inventories, secrets management procedures, test procedures, and operational support documentation.
• Support Zero Trust-aligned access controls, least privilege, privileged access dependencies, auditability, and secure service-to-service communication.
• Support RMF, ATO, STIG, vulnerability remediation, control inheritance, and cybersecurity compliance activities for identity and access services.

Benefits

• Competitive salary and benefits package designed to attract and retain senior technical talent supporting mission-critical programs.