Senior Identity, Credential, and Access Management (ICAM) Security Engineer

Description

Senior Identity, Credential, and Access Management (ICAM) Security Engineer

Personnel Qualifications

• At least five years of experience performing the functions associated with this labor category.
• Experience designing, deploying, and supporting enterprise ICAM architectures for the federal government that meet zero- trust mandates.
• Experience planning, designing, and implementing multifactor authentication methods (e.g., FIDO2, Windows Hello for Business, Azure Authenticator, and Okta) both for enterprise platforms on the cloud as well as for on-premises custom applications.
• Experience planning, deploying, and operating an identity governance and administration solutions that provide master user records, privileged access management (PAM), access management, unifying validations, identity analytics, and integrations with enterprise applications.
• Familiarity with identity strategies that meet OMB M-22-09 requirements.
• Knowledge of policies and best practices for cloud group and identity management within Azure AD, Okta, and AWS, including integrations for containers, applications, and enterprise products.

Capabilities

• Support the deployment and management of enterprise- wide ICAM solutions and services.
• Ensure the Board meets Office of Management and Budget and other federal identity requirements.
• Provide technical expertise related to identity, authentication, authorization, credentialing, device signals, analytics, and identity management solutions by establishing a master user record (MUR) in support of the complete user identity lifecycle.
• Implement enterprise-wide identity providers (IdP) supporting multifactor authentication (MFA) solutions.
• Implement device-level signals alongside identity information about authenticated users.
• Incorporate identity governance solutions with enterprise data governance solutions at the Board that properly define roles, attributes, and tagging features.
• Plan, design, test, and implement phishing-resistant multifactor authentication methods for enterprise platforms on the cloud, as well as for those hosted on- premises.
• Ensure credential solutions and/or authenticators meet the intent of HSPD-12 and align to NIST guidelines and government-wide ICAM requirements.
• Strengthen policies, governance, and best practices related to cloud identities, with a focus on both security and user experience.
• Plan, implement, and support identity governance and administration solutions that provide master user records, privileged access management, access management, unifying validations, identity analytics, and integrations with enterprise applications.
• Conduct scenario-based and functional security testing during authenticated and unauthenticated testing.
• Develop comprehensive reports and presentations for both technical and executive audiences.

Certification

• Certified Information Systems Security Professional (CISSP)
• GIAC Enterprise Vulnerability Assessor (GEVA)
• Equivalent