Senior ICAM Federation and App Integration Engineer

About The Position

Requirements

• Active DoD Secret Clearance or higher.
• Typically requires BS degree and 12+ years relevant experience. Additional experience may be considered in lieu of degree.
• Experience with IdAM / ICAM delivery systems, enterprise identity providers, SSO, authentication and authorization services, federated identity management, claims engineering, access management APIs, entitlement management, and digital policy management.
• Experience with security accreditation processes and identity-related security control implementation.
• Experience supporting cloud-hosted identity services, enterprise application integration, and AWS or comparable cloud environments.
• Experience with SAML 2.0, OIDC, OAuth 2.0, FIDO2/WebAuthn, CAC/PIV, PKI, MFA, step-up authentication, and token-based access control concepts.
• Understanding of context-aware access, RBAC, ABAC, device posture, network context, and risk-based authentication principles.
• Experience integrating enterprise applications using federation protocols, APIs, claims transformation, and identity provider technologies.
• Excellent oral and written communication skills.
• One or more DoD 8140.01 Level III Certifications
• Active Computing Environmental certification (CE) in job-related duties such as Okta, Ping Identity, Microsoft Entra ID, F5, Keycloak, or related ICAM platform certification

Nice To Haves

• Minimum of one identity provider, federation, cloud, or security certification such as Okta, Ping Identity, Microsoft Entra ID, AWS Associate, CISSP, or equivalent
• 5+ years of Commercial Cloud Services (C2S), DoD cloud, or classified mission environment experience
• Experience integrating legacy, COTS, SaaS, cloud-native, financial management, and custom applications with enterprise ICAM services
• Experience designing and implementing configurable MFA, step-up authentication, non-CAC authentication, self-service, and mission partner access patterns
• Experience with API security, policy enforcement points, claims transformation, token exchange, secrets management, and certificate lifecycle considerations
• Managing complex Sponsor relationships and requirements gathering across enterprise, component, application owner, and operations communities
• Experience migrating applications from local authentication or legacy SSO to enterprise identity provider and federation services
• Injecting detailed technical direction into teams for adoption of federation, application onboarding, CI/CD, and operational integration practices
• TS/SCI eligible

Responsibilities

• Work with senior leadership, customers, application owners, security teams, mission partners, and operations teams to plan and execute ICAM federation and application onboarding activities using Agile methodologies.
• Integrate Okta, Ping Federate, Radiant Logic, Microsoft Entra ID, Keycloak, ForgeRock, SailPoint, Delinea, HashiCorp, and related ICAM platforms with enterprise and mission applications.
• Assess current application authentication and access management architectures; analyze alternatives and implement federation and onboarding solutions that accelerate integration with enterprise ICAM services.
• Develop and present federation designs, claims mappings, integration artifacts, test plans, technical briefings, and application onboarding demonstrations.
• Evaluate emerging federation and authentication technologies and guide engineering teams in implementing scalable, secure, and mission-aligned SSO, MFA, API integration, and application onboarding solutions.
• Develop service design procedures and technical recommendations for application integration, claims release, federation protocols, MFA, API security, deployment automation, and operational handoff.
• Ensure engineering teams deliver effective SSO, federation, MFA, API integration, and onboarding capabilities supporting enterprise mission objectives.
• Support integration of enterprise identity providers and access management services across cloud, mission, and hybrid application environments.
• Provide technical status updates and implementation risk assessments to internal and external stakeholders.
• Serve as a technical lead for federation, identity provider, and application onboarding activities while mentoring junior engineers.
• Prepare and present architecture diagrams, implementation plans, technical demonstrations, and integration briefings.
• Recognized as a trusted technical leader for ICAM federation, single sign-on, multifactor authentication, and enterprise application integration.

Benefits

• competitive compensation
• Health and Wellness programs
• Income Protection
• Paid Leave
• Retirement