Lead Architect – Identity, Credential, and Access Management (ICAM)

KBR, Inc.•Beavercreek Township, OH

About The Position

KBR is seeking a Lead Architect for Identity, Credential, and Access Management (ICAM) to lead the design, integration, and modernization of enterprise identity solutions supporting mission-critical systems within NASIC. This role serves as the technical lead for AFISRE and drives Zero Trust identity capabilities across NASIC and the AF enterprise in support of Air Force Digital Transformation initiatives. The ideal candidate will bring deep expertise in identity security, cloud-native architectures, and DevSecOps, with the ability to lead both technical teams and customer engagements.

Requirements

Active Top Secret/SCI (TS/SCI) clearance
Bachelor’s degree in a STEM field with 15+ years of relevant experience
Deep understanding of Zero Trust, Identity-as-a-Service (IDaaS), and modern access control models
Extensive experience designing and implementing enterprise ICAM solutions and PKI
Strong knowledge of Active Directory and enterprise identity services
Experience with authentication and federation protocols (SAML, OAuth 2.0, OpenID Connect)
Proven experience architecting cloud-based environments (AWS, Azure)
Hands-on experience with containerization and orchestration (Docker, Kubernetes)
Experience implementing DevSecOps practices and CI/CD pipelines
Proficiency in Linux/Unix operating systems
Development experience in Golang and Python
Experience with relational databases and SQL (MariaDB, PostgreSQL)
Experience working in Agile development environments
Strong written and verbal communication skills
Ability to operate effectively in a secure, in-person/closed-area environment

Nice To Haves

Experience with service mesh and identity platforms (Istio, Keycloak)
Demonstrated expertise in cloud-native and DevSecOps ecosystems, including Helm, YAML, GitLab, and ArgoCD
Strong knowledge of Active Directory
Experience with SAML, OAuth 2.0, OpenID Connect
Experience implementing observability and monitoring solutions (Grafana, Prometheus)
Familiarity with Open Policy Agent (OPA) and policy-as-code frameworks
Web development experience using React, TypeScript, Angular, with a focus on UI/UX
Experience architecting and developing ICAM / Identity Security systems and software
Familiarity with cross-domain solutions and secure data transfer in classified environments
Deep knowledge of Zero Trust frameworks, including: NIST SP 800-207 NIST SP 800-63-4 DoD Zero Trust Reference Architecture (v2.0)
Relevant certifications such as CISSP, CISM, CASP+, Security+
Agile certifications (CSM, CSPO, SAFe)
Experience supporting large IDIQ contracts and federal acquisition processes
Experience supporting DoD and/or Intelligence Community (IC) programs

Responsibilities

Serve as the enterprise technical lead for ICAM architecture, engineering, and integration
Design and Execute the ICAM strategy, roadmap, and modernization initiatives
Architect and implement Zero Trust identity and access management solutions
Design authentication, authorization, federation, and identity governance capabilities
Integrate ICAM solutions across multi-domain, cloud, and mission system environments
Provide subject matter expertise in privileged access management (PAM) and identity governance
Ensure compliance with DoD, NIST, and Intelligence Community standards and frameworks
Lead and mentor engineering teams, architects, and developers
Engage directly with government stakeholders and mission partners
Support secure identity integration across data platforms, applications, and enterprise services
Lead customer engagement
Any other tasks closely associated with the performance of duties listed above