Zero Trust (Zt) Identity & Credential Management Sme

About The Position

Requirements

• A minimum of 10 years of experience supporting identity management, governance, or security, with demonstrated Zero Trust scope.
• Hands-on experience implementing phishing-resistant MFA solutions including PIV/CAC enforcement and FIDO2/WEBAUTHN deployment in a federal or large enterprise environment.
• Hands-on experience with federal IAM platforms including Entra ID (Azure AD) or Okta; must extend beyond administration to include ZT-aligned architecture and configuration design.
• Expert knowledge of NIST SP 800-63, NIST SP 800-207, CISA ZTMM v2.0 identity pillar criteria, and OMB M-22-09.
• Experience with RBAC, ABAC, and PAM architectures in a federal environment.
• Demonstrated experience developing and implementing Zero Trust Identity solutions operationally, to include JEJIT access principles.
• Experience integrating identity posture signals into ZT access enforcement policy decisions.
• Experience supporting ZT-related IG FISMA metrics reporting pertaining to identity and access management.
• Strong written and oral communication skills; ability to translate complex technical findings into CISO-ready recommendations.
• Demonstrated familiarity with ai-assisted analysis tools or prompt engineering; ability to apply AI capabilities ethically to accelerate advisory work and surface higher-value technical insights.
• Five years of IT cybersecurity experience, including direct support to the U.S. Government.
• Prior direct involvement in implementing access and authorization automations.
• Prior direct involvement in a ZT Identity Pillar implementation or enterprise ZT deployment in a technical design or advisory capacity.
• Experience architecting or evaluating ZT-aligned IAM solutions including enterprise IdP integration, federation, and phishing-resistant authentication enforcement.
• Cloud vendor IAM certification (e.g., Microsoft certified: Identity and Access Administrator SC-300, AWS security specialty).
• Experience with ICAM roadmap implementation or federal ICAM architecture design.
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or equivalent certification.
• Certified Identity and Access Manager (CIAM) or Microsoft certified: Identity and Access Administrator (SC-300).
• Cloud vendor IAM certification (e.g., Microsoft Azure Security Engineer Associate AZ-500, AWS security specialty).
• Active Secret clearance is required.

Nice To Haves

• This experience can be concurrent with the minimum 10 years of identity management, governance, or security.

Responsibilities

• Serve as the primary technical advisor for the CISA ZTMM v2.0 identity pillar across identity architecture, authentication, and access management domains.
• Continuously assess the agency's IAM posture against CISA ZTMM v2.0 identity pillar criteria, OMB M-22-09, and NIST SP 800-63.
• Proactively surface emerging identity risk indicators and deliver real-time advisory recommendations.
• Provide technical advisory guidance on phishing-resistant MFA strategies, PIV/CAC enforcement, FIDO2 deployment, and enterprise IdP integration - recommending solutions and implementation pathways for agency decision-making.
• Evaluate enterprise IAM/IdP platforms (e.g., Entra ID, Okta, Ping Identity) and provide configuration and enhancement recommendations aligned to ZT principles for agency adoption.
• Advise PAM strategies, RBAC/ABAC models, and least-privilege enforcement aligned to NIST SP 800-207; develop recommended solutions for agency review.
• Provide advisory support for the development and maturation of identity-related entries in the Common Control Catalog (CCC), ensuring traceability to NIST SP 800-53 rev. 5 control families.
• Develop recommended identity pillar inputs to the ZT roadmap, IG FISMA maturity reporting, and enterprise performance reporting for agency review and approval.
• Collaborate with device, network, and application SMEs to ensure identity-based enforcement integrates coherently across all ZTMM pillars.
• Review identity-related policy documents and SOPs; identify gaps relative to ZT mandates and develop recommended updates for agency concurrence.
• Support all identity-related ZT data calls, audits, and compliance reporting by providing advisory analysis and recommended responses.
• Prepare and present technical findings, maturity assessments, and advisory recommendations to senior leadership and the CISO.
• Leverage AI-assisted analysis tools, automation platforms, and prompt engineering techniques to enhance advisory productivity, accelerate gap analysis and documentation tasks, and enable focus on higher-value technical advisory work; apply all AI capabilities in accordance with agency acceptable use policies and Zermount's ethical AI use guidelines.
• Expert-level mastery of ICAM architecture and authentication engineering including enterprise IAM/PAM/IdP design, phishing-resistant MFA implementation (PIV/CAC enforcement, FIDO2) deployment, and federated identity frameworks demonstrated through operational implementation experience, not framework study.
• Authoritative knowledge of NIST SP 800-63, NIST SP 800-207 identity tenets, CISA ZTMM v2.0 identity pillar criteria, OMB M-22-09, and federal ICAM policy requirements; ability to independently interpret and apply evolving guidance.
• Expert-level proficiency in enterprise IAM platforms including Entra ID (Azure AD), Okta, or equivalent architecture and configuration design depth, not administrative use.
• Expert-level knowledge of RBAC, ABAC, and PAM architectures to support Just Enough, Just In Time (JEJIT) access principles in federal environments; demonstrated ability to advise on least-privilege policy design and privileged account governance.
• Independent decision-making authority on identity pillar advisory scope, maturity assessment methodology, and recommended advancement approach.
• Problem-solving at the intersection of identity enforcement and cross-pillar ZT integration.
• Able to identify how identity posture deficiencies create downstream risk in devices, networks, data, and application pillar enforcement.
• Strong foundational knowledge of directory services (Active Directory, LDAP, Entra ID), cloud identity platforms, and enterprise authentication infrastructure at an architecture or engineering level.
• Hands-on experience with cloud platforms, particularly Azure/Entra ID, AWS IAM, or GCP identity, including conditional access policy design, cross-tenant federation, and hybrid identity architecture.
• Working knowledge of core identity and network access protocols including OAUTH 2.0, SAML, OIDC, RADIUS, and TACACS+, and their role in enforcing ZT identity-based access decisions.
• Foundational understanding of network architecture, database access controls, and systems administration concepts sufficient to assess identity enforcement implications across the enterprise stack.
• Supports identity pillar advisory by enabling technically credible engagement with agency engineers, platform administrators, and cross-pillar SMEs on authentication architecture, access control design, and protocol-level enforcement.
• Interact directly with other ZT SMEs to support access requirements across pillars.
• Provide technical advisory leadership for Identity Pillar.
• Collaborate and integrate with cross-pillar SMEs.
• Provide CISO-facing technical briefing and recommendations.
• Engage with federal engineers and platform administrators.