ICAM Architect
SAIC · Springfield, VA · 2 wk ago
Art & Creative$120k–$160k/yrFull-time
Key Responsibilities
- Design and implement ICAM architectures that align with mission needs, Zero Trust principles, and compliance with FICAM.
- Develop workflows for identity lifecycle management, including provisioning, deprovisioning, and secure credentialing (e.g., PKI, PIV, CAC).
- Integrate on-premises, hybrid, and cloud identity solutions, leveraging technologies like SAML, OAuth, OpenID Connect, and LDAP.
- Deploy and manage SSO, MFA, and Privileged Access Management (PAM) solutions to enhance authentication and access security.
- Optimize secure access to applications and resources by designing RBAC/ABAC models and automating workflows with tools like Ansible, Terraform, or PowerShell.
- Monitor identity systems using tools like Splunk or other SIEM platforms to detect and respond to threats and anomalies.
- Collaborate with cross-functional teams to ensure seamless integration of ICAM systems into broader IT environments.
- Provide technical briefings, metrics, and status updates for leadership while maintaining comprehensive technical documentation.
Qualifications
- Education: Bachelor’s Degree
- Certifications (CWF Requirements): One or more of the following qualifying certifications: CompTIA Cloud+, CompTIA Security+, GIAC Global Industrial Cyber Security Professional (GICSP), GIAC Security Essentials Certification (GSEC), Systems Security Certified Practitioner (SSCP)
- Experience: 10-15 years of professional experience managing and supporting enterprise-level IT environments.
- Technical Skills: Deep expertise in identity federation, authentication, and authorization protocols (e.g., SAML, OAuth, OpenID Connect, Kerberos); hands-on experience with Active Directory, Azure Active Directory, LDAP, and PKI-based systems; proficient in designing and implementing Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models for secure enterprise systems; skilled in deploying and managing Single Sign-On (SSO) and Multi-Factor Authentication (MFA) using tools like Okta, Duo, or Ping Identity; experienced with monitoring and detecting anomalies using identity analytics tools and SIEM platforms like Splunk; strong background in scripting and workflow automation using tools such as PowerShell, Bash, or Terraform to enhance ICAM processes.
- Preferred Certifications: Certified Information Systems Security Professional (CISSP) or equivalent; Microsoft Certified Security, Compliance, and Identity Fundamentals; vendor-specific certifications for identity tools such as ForgeRock, Okta, Ping Identity, or SailPoint; experience establishing ICAM within a Zero Trust Architecture (ZTA) framework.