ICAM SME / Engineer

Job Description

ECS is seeking an Identity Credential and Access Management (ICAM) Subject Matter Expert (SME)/Engineer to work in our Ft. Meade, MD office in an onsite capacity.

ECS is seeking an ICAM SME/Engineer (ICAM SME/E) to support robust Impact Level (IL) 5 and IL6 programs in an operational DoD environment that houses multiple U.S. Coalition Mission Partner Environments (MPE). The ICAM SME/E will help clients understand emerging technical solutions relative to client policies and operational requirements and apply analytical and innovative strategies to develop solutions to address client needs. The candidate will contribute to technical artifacts and thought leadership for IAM tools relating to Credential Management, Public Key Infrastructure, Alternate Credentials, Directory Services, Authentication solutions, and ICAM integrations.

This position is a demanding, high-energy role that requires innovative ideas to manage identities, credentials, and access across Mission Partner Environments (MPE). The ideal candidate has advanced technical acumen; essential soft skills, including analytical thinking, problem-solving, communication, and proven leadership abilities; and intellectual curiosity critical for analyzing ICAM needs and developing solutions to address them. The ICAM SME/Engineer reports to the Senior Technical Program Manager and collaborates closely with the Engineering team.

Responsibilities:

• Serve as the ICAM SME for Azure based DOD environments.
• Implement, maintain, and optimize enterprise systems in alignment with organizational standards and SOPs.
• Monitor and manage all installed systems, infrastructure, and directory services.
• Configure, test, and maintain operating systems, application software, and system management tools.
• Evaluate existing systems and provide technical guidance to IT support teams.
• Lead the development and integration of customized software and hardware solutions.
• Plan and implement automation to improve operational efficiency.
• Design and maintain security controls to ensure data integrity and system protection.
• Ensure high availability of technical resources and maintain accurate system inventories.
• Provide timely reporting and rapid response to system issues or outages.
• Support the development and enhancement of the client's Enterprise Directory, including LDAP schema design, object classes, attributes, queries, and group structures.
• Develop directory integration solutions across directory and database systems.
• Configure and support enterprise Identity Management systems, including role based access, segregation of duties, workflow automation, and periodic access reviews.
• Review and implement ICAM integration requirements with adherence to an organization's mission, goals, and standards.
• Experience working in client services environments and engaging with both business and technical stakeholders.
• Prepare technical standards, provide technical advice and guidance, and collaborate with other programmers to conceptualize and develop design.
• Demonstrated ability to write technical documentation, including product analysis, as-is/to-be architectures, and network and infrastructure diagrams.
• Demonstrated experience in migration of ICAM technologies, including transitioning legacy applications to innovative and best of breed solutions.
• Experience developing and briefing materials and executive summaries on ICAM architecture, implementation, and policy
• Support security assessments, audits, and ATO activities, including documentation and control evidence related to ICAM.
• Other duties, as assigned.

Salary Range: $175,000 - $190,000

General Description of Benefits

Required Skills

• U.S. Citizen.
• Active Secret security clearance, with the ability to obtain a Top Secret security clearance.
• Ability to work 5 days/week onsite at 6910 Cooper Ave, Ft. Meade, MD with the possibility of some telework.
• Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related STEM (Science, Technology, Engineering and Mathematics) discipline.
• 10+ years of technical experience developing ICAM architectures and strategies with a wide array of products (e.g., Intercede MyID, SailPointIIQ, Okta, CyberArk, PKI).
• Minimum DoD 8140 IAT Level 2 certification (e.g., CompTIA Security+, CySA+, GSEC, SSCP).
• Strong PowerShell scripting experience.
• Knowledge of: ADFS, Azure App Proxy, WPAD, and MFA technologies, especially Certificate Based Authentication (CBA).
• Deep knowledge of Active Directory, including:
  • Domain controller maintenance and upgrades
  • GPO management
  • DNS and core AD infrastructure
• Experience with Entra ID (Azure AD), including:
  • Application registrations and SSO onboarding
  • Intune policy management
  • DNS and core AD infrastructure
• Understanding of PKI technologies (LDAP directories, HSMs, OCSP) and security best practices.
• Experience working within large federal IT infrastructures.
• Recent experience with deployment of identity and credential management solutions; knowledge of federal cybersecurity and zero trust policies, requirements and standards.
• Strong understanding stakeholder requirements and expectations, system architecture, infrastructure build and documentation, configuration and deployment, as well as existing and emerging federal policy including HSPD-12 and NIST documents.
• Exceptional analytical, problem-solving, and communication skills.
• Strong decision-making ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Proven ability to remain calm, decisive, and methodical under pressure.
• Advanced proficiency with Microsoft Office tools and O365, including Word, Excel, PowerPoint, Teams, Outlook, and SharePoint.
• Experience designing, implementing, and supporting ICAM solutions in Microsoft Azure cloud environments.

Desired Skills

• Active Top Secret security clearance.
• Master's degree in a STEM discipline.
• Prior experience with DoD environments and components/organizations.
• DoD 8140 IAT Level 3 or other advanced certification (CISSP, CISM, GIAC GSLC/GSOM, CEH).
• Knowledge of IAM in both on-premise and cloud architectures (e.g., AWS, Azure).
• Experience with Zero Trust Architectures and aligning ICAM tools to an agency's ZTA mission.
• Experience with emerging technologies such as AI/ML and quantum security and the application to cybersecurity.
• Experience with:
  • Netwrix Auditor
  • Splunk
  • Quest Recovery Manager for AD (RMAD)
  • SDM Change Manager for Group Policy (CMGP)
• Knowledge of Microsoft Identity Manager (MIM).
• Experience with federated identity and web services security (SAML, ADFS, WS Federation, WS Security).
• Familiarity with Microsoft 365 and Azure AD integration.
• Ability to quickly learn new technologies and tools.

#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.