Senior ICAM Identity Governance and Provisioning Engineer
About the role
Serves as a senior technical engineer for ICAM identity governance, automated account provisioning, entitlement management, and Master User Record capabilities; designing, configuring, integrating, and sustaining identity lifecycle workflows, role and attribute models, access certification, audit reporting, and identity data synchronization across DoD enterprise, cloud, mission, and legacy environments; supporting Zero Trust and FICAM-aligned ICAM services; and ensuring compliance with DoD, NIST, and Intelligence Community standards and frameworks.
Primary Responsibilities
- Work with senior leadership, customers, application owners, and mission partners to plan and execute ICAM governance and provisioning activities using Agile methodologies.
- Integrate identity governance, provisioning, directory, and audit capabilities across platforms such as SailPoint, Radiant Logic, Okta, Saviynt, Delinea, ServiceNow, Microsoft Entra ID, Active Directory, LDAP, and related ICAM technologies.
- Assess current identity governance, provisioning, directory, and entitlement environments; analyze alternatives and implement solutions that modernize enterprise account lifecycle management and replace manual access request processes.
- Develop and present workflow designs, integration artifacts, provisioning rules, access review materials, test plans, technical briefings, and demonstrations.
- Evaluate emerging identity governance and provisioning technologies and guide engineering teams in implementing scalable, compliant, and mission-aligned solutions.
- Develop service design procedures and technical recommendations for identity lifecycle management, delegated administration, access certification, entitlement management, and identity data integration.
- Ensure engineering teams deliver efficient and effective identity governance, provisioning, de-provisioning, audit, and compliance capabilities supporting enterprise mission objectives.
- Support integration of provisioning and entitlement services across cloud, enterprise directory, and mission application environments.
- Provide technical status updates and implementation risk assessments to internal and external stakeholders.
- Serve as a technical lead for identity governance, automated provisioning, and Master User Record implementation activities while mentoring junior engineers.
- Prepare and present technical briefings, demonstrations, architecture diagrams, and implementation plans.
- Recognized as a trusted technical leader for ICAM identity governance, entitlement management, and provisioning automation.
Required Qualifications
- Active DoD Secret Clearance or higher.
- Typically requires BS degree and 12+ years relevant experience. Additionalexperience may be considered in lieu of degree.
- Experience with IdAM / ICAM delivery systems, identity governance, automated provisioning and de-provisioning, authentication, authorization, entitlement management, access certification, role engineering, and digital policy management.
- Experience integrating identity governance platforms with cloud, enterprise directory, and mission application environments using APIs, SCIM, LDAP, Active Directory, REST, SQL, and workflow automation technologies.
- Understanding of RBAC, ABAC, segregation of duties, privileged account auditing, identity data normalization, and identity-related audit/compliance processes supporting DoD accreditation requirements.
- Experience supporting identity governance and provisioning services within cloud-hosted and hybrid enterprise environments.
- Experience interacting with cross-functional teams including Software Development, Systems Engineering, Security, Compliance, Verification and Validation, Quality Assurance, and Operations.
- Excellent oral and written communication skills.
Required Certification(s)
- One or more DoD 8140.01 Level IIICertifications
Desired Qualifications
- Experience supporting DoD ICAM, Zero Trust, or FICAM initiatives.
- Experience implementing SailPoint, Saviynt, Okta Identity Governance, or equivalent IGA platforms.
- Experience supporting Master User Record (MUR), enterprise entitlement reporting, or insider threat analytics capabilities.
- Experience integrating legacy applications into enterprise identity governance and provisioning architectures.
- Experience supporting IL5/IL6, GovCloud, C2S, or classified cloud environments.
- Familiarity with NIST 800-53, NIST 800-63, NIST 800-162, and DoD Zero Trust guidance.
- TS/SCI eligible.
Pay and Benefits
Pay Range $131,300.00 - $237,350.00
About Leidos
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.
Securing Your Data
Beware of fake employment opportunities using Leidos’ name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work).
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.