Information Technology Expert (Identity and Access Management Expert), Grade N32

Montgomery County, 101 Monroe St, Rockville, MD 20850, USA
Hybrid

About The Position

The Department of Technology and Enterprise Business Solutions (TEBS) delivers responsive, collaborative, and innovative technology solutions that enable efficient services across all branches of government. TEBS provides high-quality, cost-effective technology and consulting services that reduce service times, lower costs, enhance information security, and improve the overall quality of County services through automation and process optimization. In addition, TEBS leads business process reengineering efforts to modernize legacy workflows and streamline services for our customers. By leveraging industry-leading platforms and emerging AI-driven tools, TEBS ensures a secure, modern, and collaborative digital environment that supports the County’s strategic goals.

TEBS is seeking an Information Technology Expert (Identity and Access Management - IAM), Grade N32, to architect and manage secure identity platforms that support employees, contractors, partners, and external users across enterprise applications and cloud services. This role will drive enterprise authentication modernization initiatives, including SSO integrations, identity governance, lifecycle automation, MFA, access certifications, and zero-trust security architecture.

Requirements

  • Master’s degree in Computer Science, Information Systems, Cybersecurity, Information Technology, or a related field from an accredited college or university.
  • Six (6) years of experience in Identity and Access Management (IAM), cybersecurity, identity engineering, and application integration
  • Proven success integrating SaaS, Oracle, custom-developed, and legacy applications with enterprise IAM platforms
  • Hands-on support of production IAM-integrated enterprise applications
  • Experience working across cloud, hybrid, and on-premises identity environments
  • Extensive experience designing, implementing, integrating, and supporting enterprise IAM solutions.
  • Strong technical proficiency with: Microsoft Entra ID, Azure AD B2C, Oracle Cloud IAM, SailPoint, IdentityNow, Active Directory
  • Familiarity with open-source identity tools, including Apereo CAS and OpenDJ
  • Strong background integrating enterprise applications using SSO, federation, and identity governance frameworks
  • Working knowledge of key authentication and federation protocols: SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), LDAP / LDAPS
  • Strong written and verbal communication skills

Nice To Haves

  • Experience in designing and implementing enterprise IAM architecture, standards, and strategic roadmaps.
  • Experience in modernizing legacy authentication platforms into cloud-native identity solutions.
  • Strong working knowledge of Microsoft Entra ID, Azure AD B2C, Oracle Cloud Infrastructure Identity and Access Management, SailPoint IdentityNow, Active Directory, Apereo CAS, and OpenDJ.
  • Strong knowledge of SAML 2.0, OAuth 2.0, OpenID Connect, WS-Federation, LDAP / LDAPS, including troubleshooting token and claims issues.
  • Experience implementing joiner, mover, leaver workflows, access approvals, certification campaigns, role-based access models, and SoD controls.
  • Strong understanding of Zero Trust, least-privilege access, privileged access controls, audit logging, and regulatory compliance requirements.
  • Experience providing production support, incident resolution, root-cause analysis, upgrades, certificate renewals, and platform migrations.
  • Experience integrating on-premises and cloud identity systems, including directory synchronization and hybrid access models.
  • Strong ability to diagnose and resolve complex authentication, federation, provisioning, and access-related issues.
  • Ability to work effectively with business teams, application owners, infrastructure teams, vendors, and leadership

Responsibilities

  • Design and implement the enterprise Identity and Access Management (IAM) architecture, standards, and strategic roadmap, including modernization of legacy authentication platforms to cloud-native identity solutions
  • Develop scalable identity strategies for both internal and external identity use cases, covering authentication, authorization, federation, and identity lifecycle management
  • Provide ongoing operational support, maintenance, incident resolution, and lifecycle management for enterprise applications integrated with the IAM ecosystem across production and non-production environments
  • Troubleshoot and resolve authentication, authorization, provisioning, federation, token, session, and access-related issues, including root-cause analysis, upgrades, certificate renewals, and platform migrations
  • Implement, administer, and support enterprise IAM platforms, including Microsoft Entra ID, Azure AD B2C, Oracle Cloud Infrastructure Identity and Access Management, SailPoint, IdentityNow, Active Directory, Apereo CAS, and OpenDJ
  • Configure and manage authentication policies, Conditional Access, MFA, passwordless authentication, RBAC, and hybrid identity integrations across on-premises and cloud platforms using tools such as Apache Airflow, Azure Functions, and Logic Apps
  • Design, implement, and support enterprise Single Sign-On (SSO) and federation solutions using SAML 2.0, OAuth 2.0, OpenID Connect, WS-Federation, and LDAP / LDAPS
  • Integrate and support enterprise applications, including SaaS platforms, Oracle applications, and custom-developed applications, while resolving federation, claims mapping, redirect, and end-user session issues
  • Implement and manage Identity Governance and Administration (IGA) workflows using SailPoint, IdentityNow, including joiner/mover/leaver processes, access approvals, role models, certification campaigns, remediation workflows, and Segregation of Duties (SoD) controls
  • Support Zero Trust identity initiatives, regulatory compliance, audit controls, access reviews, privileged access management, audit logging, and least-privilege security models

Benefits

  • Limited hybrid telework, up to two days per week, after the initial training period.