ZERO TRUST (ZT) IDENTITY & CREDENTIAL MANAGEMENT SME

About The Position

Requirements

• A minimum of 10 years of experience supporting identity management, governance, or security, with demonstrated Zero Trust scope.
• Hands-on experience implementing phishing-resistant MFA solutions including PIV/CAC enforcement and FIDO2/WEBAUTHN deployment in a federal or large enterprise environment.
• Hands-on experience with federal IAM platforms including Entra ID (Azure AD) or Okta; must extend beyond administration to include ZT-aligned architecture and configuration design.
• Expert knowledge of NIST SP 800-63, NIST SP 800-207, CISA ZTMM v2.0 identity pillar criteria, and OMB M-22-09.
• Experience with RBAC, ABAC, and PAM architectures in a federal environment.
• Demonstrated experience developing and implementing Zero Trust Identity solutions operationally, to include JEJIT access principles.
• Experience integrating identity posture signals into ZT access enforcement policy decisions.
• Experience supporting ZT-related IG FISMA metrics reporting pertaining to identity and access management.
• Strong written and oral communication skills; ability to translate complex technical findings into CISO-ready recommendations.
• Demonstrated familiarity with ai-assisted analysis tools or prompt engineering; ability to apply AI capabilities ethically to accelerate advisory work and surface higher-value technical insights.
• Minimum of a Bachelor of Science (or higher) in Information Technology, Computer Science, Cybersecurity, or related field.
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or equivalent certification.
• Active Secret clearance is required.

Nice To Haves

• Five years of IT cybersecurity experience, including direct support to the U.S. Government. This experience can be concurrent with the minimum 10 years of identity management, governance, or security
• Prior direct involvement in implementing access and authorization automations.
• Prior direct involvement in a ZT Identity Pillar implementation or enterprise ZT deployment in a technical design or advisory capacity.
• Experience architecting or evaluating ZT-aligned IAM solutions including enterprise IdP integration, federation, and phishing-resistant authentication enforcement.
• Cloud vendor IAM certification (e.g., Microsoft certified: Identity and Access Administrator SC-300, AWS security specialty).
• Experience with ICAM roadmap implementation or federal ICAM architecture design.
• Certified Identity and Access Manager (CIAM) or Microsoft certified: Identity and Access Administrator (SC-300).
• Cloud vendor IAM certification (e.g., Microsoft Azure Security Engineer Associate AZ-500, AWS security specialty).

Responsibilities

• Serve as the primary technical advisor for the CISA ZTMM v2.0 identity pillar across identity architecture, authentication, and access management domains.
• Continuously assess the agency's IAM posture against CISA ZTMM v2.0 identity pillar criteria, OMB M-22-09, and NIST SP 800-63. Proactively surface emerging identity risk indicators and deliver real-time advisory recommendations.
• Provide technical advisory guidance on phishing-resistant MFA strategies, PIV/CAC enforcement, FIDO2 deployment, and enterprise IdP integration - recommending solutions and implementation pathways for agency decision-making.
• Evaluate enterprise IAM/IdP platforms (e.g., Entra ID, Okta, Ping Identity) and provide configuration and enhancement recommendations aligned to ZT principles for agency adoption.
• Advise PAM strategies, RBAC/ABAC models, and least-privilege enforcement aligned to NIST SP 800-207; develop recommended solutions for agency review.
• Provide advisory support for the development and maturation of identity-related entries in the Common Control Catalog (CCC), ensuring traceability to NIST SP 800-53 rev. 5 control families.
• Develop recommended identity pillar inputs to the ZT roadmap, IG FISMA maturity reporting, and enterprise performance reporting for agency review and approval.
• Collaborate with device, network, and application SMEs to ensure identity-based enforcement integrates coherently across all ZTMM pillars.
• Review identity-related policy documents and SOPs; identify gaps relative to ZT mandates and develop recommended updates for agency concurrence.
• Support all identity-related ZT data calls, audits, and compliance reporting by providing advisory analysis and recommended responses.
• Prepare and present technical findings, maturity assessments, and advisory recommendations to senior leadership and the CISO.
• Leverage AI-assisted analysis tools, automation platforms, and prompt engineering techniques to enhance advisory productivity, accelerate gap analysis and documentation tasks, and enable focus on higher-value technical advisory work; apply all AI capabilities in accordance with agency acceptable use policies and Zermount's ethical AI use guidelines.