Apply on Employer Site

MartinFed · 6 days ago

Senior Identity & Access Management (IAM) Engineer

Oak Ridge, TN

Full-time

Onsite

Senior Level

XCEL Engineering, Inc. is an award-winning small business providing trusted IT solutions to federal agencies. They are seeking a Senior Identity and Access Management Engineer to lead the architecture and implementation of an IAM platform for the American Science Cloud, ensuring secure access to resources and collaborating with various stakeholders.

ConsultingCorporate TrainingInformation ServicesInformation TechnologySoftware

Comp. & Benefits

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Lead the architecture, development and implementation of an Identity and Access Management platform using the Ping suite of products

Contribute to workflow design, API development, and collaborate with application developers and owners to establish robust integrations

Plan, execute and document application onboarding of a diverse and growing application set

Collaborate with IAM personnel from other organizations to design, build and administer a federation hub, allowing users to access resources at any participating facility

Build out and enable ABAC, RBAC, least privilege access and other common IAM standards

Deploy, configure and support identity and access management services such as single sign on (SSO), OAuth, MFA, zero trust, etc

Lead incident response, providing advanced troubleshooting and building out of monitoring and alerting systems

Define and implement define KPIs, processes and drive continuous improvement

Participate in on-call rotation providing 24-hour, 7-day support and off-hours maintenance windows

Coordinate with vendors to resolve hardware and software problems

Deliver AmSC's mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service. Promote diversity, equity, inclusion, and accessibility by fostering a respectful workplace - in how we treat one another, work together, and measure success

Qualification

IdentityAccess ManagementPing suite of productsSingle Sign-On (SSO)OAuthMulti-Factor Authentication (MFA)API developmentRBAC implementationABAC implementationSAMLLDAPCloud Service Provider (AWS)AutomationScriptingInterpersonal skillsTeamworkProblem-solvingCommunication skills

Required

United States citizen with the ability to obtain a security clearance

Bachelor's degree in Information Technology, IT Operations Management, or a related field

Preferred

Extensive experience in Identity and Access Management supporting SSO, OAuth, MFA, and API development

Excellent interpersonal/communication skills, and the ability to work as part of a team

Proven track record leading and driving the delivery of large, complex IAM projects

Strong experience with the Ping suite of IAM products, bonus points for Ping Government Identity Cloud experience

Extensive experience with web authentication implementation such as SAML, OAuth, API-token, REST, etc

Experience in directory services and directory structure, specifically using LDAP and/or PingDirectory

Experience implementing RBAC and ABAC in complex enterprise environments

Strong experience in identity federation design and implementation using standards like OIDC and SAML to manage user identities across disparate systems

Experience with Automation and scripting (Python, etc...) for IAM tasks

Working knowledge of cloud application architecture patterns and a thorough grasp of common products and managed services for at least one Cloud Service Provider (e.g. AWS)

Working knowledge of Unix system fundamentals and common network protocols

Solid understanding of cloud computing networking concepts

Ability to proactively identify performance issues, problems, and areas for improvement

Ability to identify requirements and to define, plan, and implement requisite solutions

An understanding of code review and familiarity with tools like GitHub and GitLab

Experience using tools such as Nagios, Grafana and Prometheus to monitor systems, metrics, and create dashboards