Identity Engineer (USSOCOM-Zero Trust)
Kentro · Tampa, FL · 2 wk ago
EngineeringFull-time
About the role
The Senior Identity Engineer will support the Zero Trust modernization initiative under the EDAT contract for United States Special Operations Command. The role involves leading the design, integration, implementation, and sustainment of enterprise Identity, Credential, and Access Management (ICAM) solutions aligned with DoD Zero Trust Architecture requirements.
Responsibilities
- Design, implement, and maintain enterprise Identity and Access Management (IAM) solutions supporting Zero Trust initiatives.
- Engineer secure authentication and authorization services utilizing modern identity standards including SAML, OAuth 2.0, OpenID Connect (OIDC), SCIM, and PKI.
- Design and implement Identity Governance and Administration (IGA) capabilities including automated provisioning, lifecycle management, and role-based access control (RBAC).
- Implement and maintain Privileged Access Management (PAM) solutions to secure privileged identities and administrative accounts.
- Integrate enterprise applications with centralized authentication platforms and federation services.
- Support implementation of Continuous Authentication and Conditional Access capabilities aligned with Zero Trust principles.
- Develop identity automation using scripting languages such as PowerShell, Python, or REST APIs.
- Perform identity architecture reviews and recommend improvements to authentication, authorization, and identity lifecycle processes.
- Develop and maintain identity-related documentation including architecture diagrams, implementation guides, SOPs, and security documentation.
- Troubleshoot complex authentication, federation, directory services, and identity synchronization issues.
- Collaborate with cybersecurity teams to support Risk Management Framework (RMF), STIG implementation, vulnerability remediation, and audit readiness.
- Provide technical leadership and mentoring to junior engineers and support personnel.
- Participate in architecture reviews, design sessions, and technical planning activities supporting enterprise modernization efforts.
- Ensure identity services comply with DoD, DISA, NIST 800-53, NIST SP 800-207, and USSOCOM cybersecurity requirements.
Qualifications
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, Engineering, or related field (or equivalent experience).
- Minimum of 10 years of experience in Identity and Access Management, Identity Engineering, or Enterprise Security Engineering.
- Minimum of 5 years supporting DoD or Federal enterprise cybersecurity environments.
- Technical Skills: Experience implementing or administering Identity Governance (IGA) platforms. Experience implementing or administering Privileged Access Management (PAM) solutions. Experience integrating enterprise applications using SAML, OAuth 2.0, OIDC, and SCIM. Experience automating identity management through PowerShell, Python, REST APIs, or similar scripting languages. Experience supporting cloud identity services across Microsoft Azure and hybrid enterprise environments. Strong understanding of Zero Trust Architecture principles. Experience supporting RMF, STIG compliance, vulnerability remediation, and cybersecurity audits.
- Excellent written and verbal communication skills.
- DoD 8570/8140 IAT Level II or IAM Level II compliant certification required.
Preferred Qualifications
- Experience supporting USSOCOM, DoD, or Intelligence Community environments.
- Experience with SailPoint, Saviynt, or similar Identity Governance platforms.
- Experience with CyberArk, BeyondTrust, Delinea, or comparable Privileged Access Management solutions.
- Experience with Microsoft Entra ID Identity Protection and Conditional Access.
- Experience supporting enterprise cloud migrations.
- Familiarity with DevSecOps and Infrastructure as Code (IaC) methodologies.
- Experience implementing Zero Trust maturity initiatives aligned with DoD guidance.
Pay
Competitive salary based on experience and qualifications.
Schedule
Hybrid schedule with remote work options available.