Identity, PKI & Access Engineer
Arlington, TX - USA
Job Summary
About Us:
VT-ARC, a technical services and applied research company, has built an organizational culture marked by four primary values: Teamwork, Integrity, Excellence, and Service. Integral to our success is our staff's enthusiasm for solving tough problems by working together in teams to get the job done. We foster a culture where every employee's contribution is valued and performed with integrity while maintaining a fun work environment. VT-ARC strives for excellence in all that is done for our clients, and such achievement is recognized through service/merit awards. Moreover, we promote a sense of community larger than VT-ARC alone, where staff and institutional resources can be applied in service to our country.
We are proud to be the recipient of the Best Workplace in Defense Award by Emergent Magazine, an honor that recognizes companies with positive cultures that not only impact their people but also make a meaningful difference in the community.
About You:
You are an identity engineer with deep experience implementing and integrating identity, access, certificate, PKI, federation, SSO, and/or secrets management capabilities in secure enterprise environments.
You bring hands-on depth with identity providers, certificate lifecycle management, OIDC, OAuth 2.0, SAML, PKI, certificate authorities, cert-manager, Entra ID, Keycloak, secrets platforms, service identities, and secure access patterns. You understand how identity, certificates, and secrets support Zero Trust-aligned architecture across both connected and air-gapped environments.
You are adaptable and comfortable working across cybersecurity, application, platform, cloud, network, UC, crypto, and operations teams to ensure identity capabilities are secure, interoperable, validated, documented, and operationally supportable. You have a mission focus and take pride in building systems the right way and supporting them end-to-end.
Position Overview:
VT-ARC is seeking a Senior to Staff level Identity, PKI, and Access Engineer to support identity engineering, Zero Trust-aligned access, PKI, certificate lifecycle management, SSO, OIDC, secrets management, and secure service integration for mission-critical programs within TS/SCI environments.
This role is focused on identity engineering across the full implementation lifecycle, from requirements interpretation and architecture input through detailed design, implementation planning, integration, validation, documentation, and transition to operations. The role supports identity and access capabilities across enterprise, application, platform, network, container, and mission environments, including internet-connected, classified, multi-enclave, and air-gapped settings.
The Identity, PKI, and Access Engineer will coordinate closely across technical teams and individual contributors to ensure secure identity management and access delivery. You have a mission focus and take pride in building systems the right way and supporting them end-to-end.
Active Top Secret/SCI clearance is required.
Join our team and take advantage of a competitive signing bonus.
Duties/Responsibilities:
- Support end-to-end identity engineering activities, including architecture input, detailed design, implementation planning, integration, validation, and operational transition.
- Design, implement, integrate, and modernize identity, SSO, PKI, certificate lifecycle, federation, access control, and secrets management capabilities in classified and high-assurance environments.
- Engineer secure authentication and authorization patterns using OIDC, OAuth 2.0, SAML, LDAP/LDAPS, Kerberos, mTLS, RBAC, ABAC, and related identity technologies.
- Implement and support identity platforms and integrations involving Entra ID, Keycloak, Active Directory, certificate authorities, cert-manager, secrets managers, container security platforms such as Aqua Security, and related tools.
- Support certificate issuance, renewal, rotation, revocation, trust store management, mTLS enablement, service identity, and application certificate dependencies.
- Coordinate identity and secrets management dependencies across application, platform, cloud, network, UC, crypto, cybersecurity, and operations teams.
- Develop identity implementation plans, integration diagrams, certificate inventories, secrets management procedures, test procedures, and operational support documentation.
- Support Zero Trust-aligned access controls, least privilege, privileged access dependencies, auditability, and secure service-to-service communication.
- Support RMF, ATO, STIG, vulnerability remediation, control inheritance, and cybersecurity compliance activities for identity and access services.
Required Education, Certification, Skills, Capabilities:
- Demonstrated senior-level experience implementing and supporting enterprise identity, PKI, certificate management, SSO, federation, or secrets management capabilities.
- Hands-on experience with technologies such as Entra ID, Keycloak, Active Directory, LDAP/LDAPS, OIDC, OAuth 2.0, SAML, PKI, certificate authorities, cert-manager, or equivalent identity platforms.
- Strong practical knowledge of certificate lifecycle management, trust chains, mTLS, service identities, access control, token-based authentication, secrets rotation, and identity troubleshooting.
- Experience supporting classified, TS/SCI, multi-enclave, internet-connected, or air-gapped environments.
- Ability to coordinate technical dependencies across cybersecurity, application, platform, network, UC, crypto, cloud, and operations teams.
- Experience supporting RMF processes, ATO documentation, STIG compliance, security controls, or equivalent cybersecurity compliance activities for identity or platform services.
- Ability to produce clear technical documentation, diagrams, implementation guides, test procedures, certificate inventories, and operational support materials.
Desired Education, Certification, Skills, Capabilities:
- Experience with secrets platforms such as HashiCorp Vault, Azure Key Vault, CyberArk, Kubernetes secrets, or equivalent secure secrets management technologies.
- Experience with Aqua Security or equivalent container/cloud-native security tooling, including certificate, secrets, and workload identity integrations.
- Experience with HSMs, private CAs, offline roots, cross-certification, certificate policy, or high-assurance PKI operations.
- Professional certifications such as Security+, CISSP, Microsoft identity credentials, Kubernetes credentials, cloud security credentials, or equivalent technical credentials.
- Experience with Zero Trust architecture, privileged access management, conditional access, device posture, workload identity, and service mesh identity patterns.
- Familiarity with DoD identity, credential, and access management requirements, STIGs, FIPS dependencies, and secure enclave integration.
Primary Work Location: Work is expected to be fully onsite in Arlington, VA.
Special Work Conditions: Occasional travel may be required; up to 10%.
Security:
- Must be a U.S. Citizen
- Active Top Secret/SCI clearance is required
Competitive Salary: VT-ARC offers a competitive salary and benefits package designed to attract and retain senior technical talent supporting mission-critical programs.
Salary: $185,000-$220,000/yr., based on skills, experience, clearance, technical depth, and mission alignment.
Virginia Tech Applied Research Corporation: VT-ARC is a 501(c)(3) non-profit R&D organization affiliated with Virginia Polytechnic Institute and State University (Virginia Tech or VT). Our mission is to provide superior analytic and technology solutions across multiple domains by leveraging Virginia Tech's multidisciplinary research and innovation ecosystem. With unique access to the broad and rich research enterprise found at Virginia Tech, VT-ARC forms multi-disciplinary teams to apply innovative solutions to the real-world problems that strain our social, political, industrial, and economic foundations.
To learn more about VT-ARC's Benefits, Perks, Culture & more, visit our Careers page.
Virginia Tech Applied Research Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other status protected by law. As a federal contractor, we are committed to providing equal employment opportunity and affirmative action for qualified individuals with disabilities under Section 503 of the Rehabilitation Act of 1973. If you need a reasonable accommodation to complete the application or interview process, please contact Human Resources at
Virginia Tech Applied Research Corporation uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit .
Required Experience:
IC
About Company
A leader in innovative solutions that safeguard the nation and advance global welfare.