IAM Architect

Overview

Hybrid
Depends on Experience
Accepts corp to corp applications
Contract - W2

Skills

Identity Management
SAML
SAS Cloud Analytic Services
OAuth
OIDC
Orchestration
POC
RFC
Real-time
Roadmaps
Management
Mentorship
Microsoft Azure
STS
WAF
SIEM
IP
F5
Network Security
DNS
CISA
API
Authentication
Cloud Architecture
Cloud Computing
Splunk
Terraform
Virtual Private Network
Leadership
Load Balancing
MySQL
Scalability
Siteminder
Good Clinical Practice
Google Cloud Platform
Intellectual Property
Streaming
Collaboration
Computer Networking
DevOps
Dragon NaturallySpeaking
High Availability
Kubernetes

Job Details

Job Title: Tech Lead - IAM/RAS Architecture | Hybrid | DC
Key Responsibilities:
Lead overall IAM/RAS architecture, operations, and roadmap at NIH.
Manage and enhance Broadcom Layer7 API Gateway RBE implementation as the OAuth/OIDC Secure Token Service (STS).
Maintain and integrate AAA/Federation services using CA SiteMinder, Shibboleth, and SPS.
Oversee directory and identity data services across VDS, AD, LDS, and MySQL environments.
Lead the design and development of AKS (Azure Kubernetes Service) clusters to support scalability and resiliency.
Devise secure networking solutions including Private Link, on-prem DNS resolution, and VPN tunnels with redundancy and high availability.
Architect and implement secure OAuth/OIDC solutions adhering to RFC 8705, leveraging mTLS and certificate-bound tokens.
Use Google Cloud Platform CAS (Certificate Authority Service) to issue and manage client certificates securely for mTLS-based authentication.
Build real-time observability pipelines by streaming logs from Google Cloud Platform CAS, Azure DevOps, Layer7, etc., to Azure Event Hubs and ingesting them into on-prem Splunk.
Design and implement 6 new RAS environments in alignment with CISA TIC 3.0 and Zero Trust Architecture principles using:
    Azure ExpressRoute
    Cloud-native security stack
    Terraform (Infrastructure as Code)
    Azure CNI Overlay Networking for optimal IP management
Conduct PoC and performance evaluations for Azure-native Load Balancers to replace legacy F5 BIG-IP:
    Selected Azure Application Gateway (with WAF and mTLS support) paired with Traffic Manager for multi-region load balancing and DDoS protection
Qualifications:
8+ years of progressive experience in Identity & Access Management, Cloud Architecture, and Network Security.
Proven expertise in OAuth 2.0, OIDC, SAML, mTLS, certificate-based authentication, and Zero Trust frameworks.
Strong background in infrastructure automation (Terraform), container orchestration (AKS/Kubernetes), and hybrid networking (VPNs, ExpressRoute).
Experience with public cloud platforms: Azure, Google Cloud Platform.
Proficiency in log ingestion, event-driven architecture (Pub/Sub, Event Hubs), and SIEM integration.
Hands-on experience with enterprise identity solutions: SiteMinder, Shibboleth, SPS, Layer7, AD, VDS.
Ability to work with cross-functional teams, provide leadership, and mentor junior engineers.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.