Senior ICAM Engineer
Reston, VA - USA
Job Summary
Serves as the hands-on technical lead for ICAM engineering, integration, onboarding, and operational delivery across enterprise, cloud, coalition, and mission environments. This role leads the implementation, configuration, troubleshooting, sustainment, and modernization of Zero Trust identity and access management services, including authentication, authorization, federation, identity governance, privileged access management, and enterprise application integration capabilities aligned to DoD, FICAM, NIST, and Intelligence Community standards and frameworks.
The Lead ICAM Engineer is responsible for driving technical execution across the full ICAM lifecycle, including platform integration, application onboarding, federation engineering, claims transformation, provisioning automation, deployment automation, operational transition, and production sustainment. The role requires hands-on engineering leadership supporting enterprise ICAM modernization efforts across cloud-hosted, hybrid, multi-domain, and mission partner environments.
Primary Responsibilities
Work with senior leadership, customers, application owners, security teams, mission partners, and operations personnel to plan and execute ICAM engineering and integration activities using Agile methodologies.
Lead hands-on configuration, integration, troubleshooting, and sustainment of ICAM platforms including Okta, Ping Federate, SailPoint, Delinea, Radiant Logic, HashiCorp, Corsha, Keycloak, Microsoft Entra ID, and related identity and access management technologies.
Implement and maintain authentication, authorization, federation, identity governance, privileged access management, and application onboarding capabilities supporting Zero Trust and FICAM-aligned enterprise architectures.
Lead integration and onboarding of legacy, cloud-native, SaaS, mission, and coalition applications into enterprise ICAM services.
Troubleshoot federation, authentication, claims mapping, token transformation, provisioning, entitlement, and access control issues across enterprise and mission environments.
Develop and maintain implementation procedures, onboarding standards, deployment documentation, operational engineering practices, and sustainment processes supporting ICAM delivery.
Configure and integrate SAML 2.0, OIDC, OAuth 2.0, SCIM, REST APIs, PKI, CAC/PIV, MFA, and passwordless authentication technologies.
Support implementation of RBAC, ABAC, context-aware access control, device posture validation, and risk-based authentication capabilities.
Implement and maintain DevSecOps pipelines, infrastructure-as-code, deployment automation, and configuration management processes supporting ICAM services.
Support integration of ICAM services across cloud, enterprise, hybrid, and multi-domain mission environments, including AWS GovCloud, IL5/IL6, and classified systems where applicable.
Provide hands-on engineering support during testing, deployment, operational transition, incident response, troubleshooting, and production sustainment activities.
Develop and present integration artifacts, implementation plans, deployment procedures, technical briefings, and operational status updates to internal and external stakeholders.
Guide engineering teams in implementing scalable, secure, and operationally sustainable ICAM capabilities aligned to mission objectives.
Serve as the technical lead for ICAM engineering, federation integration, application onboarding, and operational delivery activities while mentoring junior engineers.
Recognized as a trusted technical leader for enterprise ICAM modernization, Zero Trust implementation, and mission integration.
Required Qualifications
Active DoD Secret Clearance or higher.
Typically requires BS degree and 12 years relevant may be considered in lieu of degree.
Experience with IdAM / ICAM delivery systems, authentication, authorization, federated identity management, identity governance, entitlement management, privileged access management, attributes, and digital policy management.
Hands-on experience integrating and troubleshooting enterprise identity providers, federation services, MFA platforms, provisioning systems, and application onboarding solutions.
Experience configuring and supporting SAML 2.0, OIDC, OAuth 2.0, SCIM, REST APIs, CAC/PIV, PKI, MFA, token-based authentication, and claims transformation technologies.
Experience with security accreditation processes and implementation of identity-related security controls supporting DoD environments.
Experience architecting, implementing, and sustaining enterprise cloud-hosted ICAM services within AWS or comparable cloud environments using infrastructure-as-code and automation concepts.
Understanding of Zero Trust architecture, federation, RBAC, ABAC, risk-based authentication, context-aware access, and cloud-native security principles.
Experience supporting application onboarding and federation integration across enterprise, cloud, mission, and coalition environments.
Experience interacting with cross-functional teams including Software Development, Systems Engineering, Security Operations, Compliance, Verification and Validation, and Quality Assurance.
Experience working in Agile, SAFe, or Scrum environments using DevSecOps and CI/CD technologies such as Git, Jenkins, Docker, Azure DevOps, Puppet, Terraform, and Confluence.
Knowledge of software configuration management, lifecycle deliverables, operational sustainment processes, and deployment management practices.
Excellent oral and written communication skills.
Required Certification(s):
One or more DoD 8140.01 Level III Certifications
Active Computing Environment certification relevant to job duties, such as AWS Cloud, Microsoft Cloud, Okta, Ping Identity, SailPoint, Microsoft Entra ID, or related ICAM platform certifications.
Desired Qualifications:
Minimum of one AWS Associate-level certification, such as AWS Certified Solutions Architect Associate, AWS Certified Developer Associate, or AWS Certified SysOps Administrator Associate.
Experience supporting C2S, DoD cloud, GovCloud, IL5/IL6, or classified mission environments.
Experience implementing CloudFormation, Terraform, serverless architectures, and cloud-native deployment patterns.
Experience integrating legacy, COTS, SaaS, cloud-native, financial management, and mission applications into enterprise ICAM services.
Experience supporting large-scale ICAM modernization, application migration, and federation onboarding initiatives.
Experience with API security, secrets management, certificate lifecycle management, claims transformation, and token exchange capabilities.
Familiarity with NIST 800-53, NIST 800-63, DoD Zero Trust guidance, and FICAM architectures.
TS/SCI eligible.
If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 and moving faster than anyone else dares.
Original Posting:
May 22, 2026
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days, with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
$131,300.00 - $237,350.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Required Experience:
Senior IC
About Company
Leidos is an innovation company rapidly addressing the world's most vexing challenges in national security and health. Our 47,000 employees collaborate to create smarter technology solutions for customers in these critical markets.