Senior IAM Engineer

Senior IAM Engineer

General Info:

Citizenship Required: US Citizenship
Clearance: Secret (TS preferred)
Job Duration: Full Time
Site: Washington D.C. Metro Area
Travel: 5% or Less

Position Overview:

Provide senior-level engineering expertise in the design, integration, and optimization of enterprise IAM solutions. Lead the implementation of secure identity architectures across cloud and on-prem environments, ensuring alignment with federal standards (NIST, FICAM) and Zero Trust principles.

This role requires deep technical knowledge, leadership in complex IAM implementations, and the ability to guide teams and stakeholders on identity strategy and best practices.

Responsibilities:

• Lead design and implementation of enterprise IAM architectures across hybrid environments
• Engineer advanced identity solutions including:

• Federated identity (SSO across multiple domains)
• Complex RBAC/ABAC models
• Cross-domain identity integration

• Architect and implement authentication solutions:

• SAML, OAuth, OpenID Connect
• MFA and adaptive authentication
• Conditional and risk-based access policies

• Lead integration of applications with IAM platforms (custom + COTS systems)
• Design and implement Identity Governance (IGA) solutions including lifecycle workflows and access certifications
• Develop and maintain automation for IAM processes using scripting and APIs
• Provide technical leadership in troubleshooting complex identity issues across systems
• Oversee IAM system performance, scalability, and high availability
• Implement and integrate Privileged Access Management (PAM) solutions
• Ensure IAM architecture aligns with:

• NIST 800-53 / 800-63
• FISMA / FedRAMP
• Zero Trust Architecture

• Lead audit support efforts, including control validation and remediation
• Define IAM standards, patterns, and best practices for the organization
• Mentor junior engineers and provide technical oversight
• Collaborate with architects, security leadership, and program managers on identity strategy
• Contribute to Zero Trust initiatives with identity as a core pillar

Education and Experience Required:

• Bachelor’s degree in Cybersecurity, Information Systems, or related field (or equivalent experience)
• 8–12+ years of experience in IAM/ICAM, identity engineering, or security engineering
• Deep experience with IAM platforms such as:

• Azure AD (Entra ID), Active Directory
• Okta, Ping Identity

• Strong experience with:

• SAML, OAuth, OIDC
• IGA (SailPoint, Saviynt)
• PAM solutions

• Experience designing enterprise identity architectures
• Strong scripting/automation skills (PowerShell, Python, APIs)

Preferred Qualifications:

• Active Secret or Top Secret clearance
• Certifications such as: CISSP, CIAM, Azure Identity certifications
• Experience with Zero Trust implementations
• Experience in federal ICAM (FICAM, CAC/PIV, PKI)
• Experience leading large-scale IAM transformations