DevOps Automation Engineer
Capgemini Government Solutions · McLean, VA · 1 wk ago
Engineering$120k–$155k/yrFull-time
About the role
This senior-level technical role designs, implements, and governs enterprise-wide systems that manage user identities and access rights, bridging security strategy and technical implementation across on-premises and cloud environments while mentoring junior engineers.
Responsibilities
- Design, implement, and govern enterprise-wide identity and access management systems across on-premises and cloud environments
- Bridge security strategy and technical implementation, guiding junior engineers and collaborating with stakeholders to deliver secure, compliant, and scalable access solutions
- Implement and support cloud-based Identity Management and Access Governance products
- Lead legacy-to-modern integration using hybrid identity patterns (on-prem and cloud), directory consolidation, application modernization waves, and identity data quality remediation
- Design and deploy access requests, approvals, certifications, Separation of Duties (SoD) controls, role mining and role design, and connectors at scale
- Build and lead runbooks, a Level 1-Level 3 support model, SLAs, and audit-ready evidence for access governance and privileged access
- Implement IAM components in the cloud (e.g., AWS) with secure networking, logging, and deployment patterns
- Apply AI/ML-assisted analytics in Saviynt or similar IGA products (e.g., access anomaly detection, certification prioritization, identity risk scoring, and role/entitlement recommendations)
Requirements
- S. Citizenship
- Ability to obtain and maintain a Tier 4 / High Risk background investigation (High Risk Public Trust), as required for all task areas under this contract
- Bachelor’s degree in Engineering, Computer Science, Systems, Business, Information Systems, Information Resource Management, or a related scientific discipline
- Product certification(s), such as Saviynt, SailPoint, or equivalent
- Demonstrated healthcare IAM delivery across all three sectors: at least one State/Local public health or Medicaid/eligibility environment, one commercial payer/provider environment, and one Federal health (or Federal health-adjacent) environment, with references tied to measurable outcomes (e.g., application onboarding volume, MFA adoption, audit findings reduced)
- Proven multi-identity population design supporting employees, contractors, temporary staff, vendors, and affiliates/partners with distinct lifecycle rules, entitlements, and separation of duties
- Experience with agency/department partitioning, delegated administration, and policy differences across State/Local entities and Federal components
- Expertise implementing and supporting cloud-based Identity Management and Access Governance products
- Expertise in legacy-to-modern integration, including hybrid identity patterns (on-prem and cloud), directory consolidation, application modernization waves, and identity data quality remediation
- Has led at least two IAM modernization or legacy migrations (e.g., AD/LDAP rationalization, custom IAM replacement, SSO federation rollout, provisioning modernization) with a clear cutover strategy (parallel run, staged migration, rollback)
- Operational expertise to build or lead runbooks, a Level 1-Level 3 support model, SLAs, and audit-ready evidence for access governance and privileged access
- Expertise with designing and deploying access request, approvals, certifications, SoD controls, role mining/role design, and connectors at scale
- Experience with applying AI/ML-assisted analytics in Saviynt and/or similar IGA products contexts (e.g., access anomaly detection, certification prioritization, identity risk scoring, role/entitlement recommendations)
- Expertise in cloud and directory and implemented IAM components in cloud (such as AWS) with secure networking, logging, and deployment patterns
- Expertise with the security architecture of the solution, including IAM, Cloud Security, API Security, and Data Security
Qualifications
- Bachelor’s degree in Engineering, Computer Science, Systems, Business, Information Systems, Information Resource Management, or a related scientific discipline
- S. Citizenship
- Ability to obtain and maintain a Tier 4 / High Risk background investigation (High Risk Public Trust), as required for all task areas under this contract
- Product certification(s), such as Saviynt, SailPoint, or equivalent
- Demonstrated healthcare IAM delivery across all three sectors: at least one State/Local public health or Medicaid/eligibility environment, one commercial payer/provider environment, and one Federal health (or Federal health-adjacent) environment, with references tied to measurable outcomes (e.g., application onboarding volume, MFA adoption, audit findings reduced)
- Proven multi-identity population design supporting employees, contractors, temporary staff, vendors, and affiliates/partners with distinct lifecycle rules, entitlements, and separation of duties
- Experience with agency/department partitioning, delegated administration, and policy differences across State/Local entities and Federal components
- Expertise implementing and supporting cloud-based Identity Management and Access Governance products
- Expertise in legacy-to-modern integration, including hybrid identity patterns (on-prem and cloud), directory consolidation, application modernization waves, and identity data quality remediation
- Has led at least two IAM modernization or legacy migrations (e.g., AD/LDAP rationalization, custom IAM replacement, SSO federation rollout, provisioning modernization) with a clear cutover strategy (parallel run, staged migration, rollback)
- Operational expertise to build or lead runbooks, a Level 1-Level 3 support model, SLAs, and audit-ready evidence for access governance and privileged access
- Expertise with designing and deploying access request, approvals, certifications, SoD controls, role mining/role design, and connectors at scale
- Experience with applying AI/ML-assisted analytics in Saviynt and/or similar IGA products contexts (e.g., access anomaly detection, certification prioritization, identity risk scoring, role/entitlement recommendations)
- Expertise in cloud and directory and implemented IAM components in cloud (such as AWS) with secure networking, logging, and deployment patterns
- Expertise with the security architecture of the solution, including IAM, Cloud Security, API Security, and Data Security
Skills
- Strong understanding of IAM principles and practices
- Experience with cloud-based IAM solutions (e.g., AWS, Azure, Google Cloud)
- Hands-on experience with Saviynt, SailPoint, or similar IGA products
- Experience with AI/ML-assisted analytics in IAM contexts
- Expertise in legacy-to-modern integration, including hybrid identity patterns (on-prem and cloud), directory consolidation, application modernization waves, and identity data quality remediation
- Strong problem-solving and analytical skills
- Excellent communication and collaboration skills
- Experience with designing and deploying access request, approvals, certifications, SoD controls, role mining/role design, and connectors at scale
- Experience with cloud and directory and implemented IAM components in cloud (such as AWS) with secure networking, logging, and deployment patterns
- Expertise with the security architecture of the solution, including IAM, Cloud Security, API Security, and Data Security
Benefits
- Flexible work
- Healthcare including dental, vision, mental health, and well-being programs
- Financial well-being programs such as 401(k) and Employee Share Ownership Plan
- Paid time off and paid holidays
- Paid parental leave
- Family building benefits like adoption assistance, surrogacy, and cryopreservation
- Social well-being benefits like subsidized back-up child/elder care and tutoring
- Mentoring, coaching and learning programs
- Employee Resource Groups
- Disaster Relief
Pay
$120k - $155k
Schedule
Contract