Principal ICAM Engineer

Minimum Education

Bachelor's degree or equivalent experience

Minimum Experience

6

Summary

The Senior Security Analyst independently provides technical and analytical support for the Board's computer security systems. Monitors current security systems to control access to systems and detects and reports violations. Develops new security measures as needed.

Duties and Responsibilities Manages, maintains, documents and enhances security tools, such as ACF2, which is used to control access to the Board's centralized computer resources, the Ace security server, which is used to control access to the Board's computer resources from telephone lines, Lotus Notes, Windows, firewalls, RAS Enterprise, and other tools as the Board uses them to safeguard the FR System's information resources. Monitors ACF2, firewall, and other security reports regularly. Checks for and researchers violations. Informs appropriate management of any violations. Analyzes and assesses hardware and software to provide security fro PCs, mainframes, local and wide area networks, voice/data systems, etc. Conducts complex security risk assessments, risk certifications, software security reviews, based on FISMA requirements, changes in legislation, professional security standards, and business requirements. Recommends tools, policies and procedures to protect Board computers. Supports the System Information Security Officers, the Board's Information Security Committee, the security liaison officers, and the security administrator by serving on task forces and subcommittees, preparing reports and other supporting documents. Identifies and analyzes emerging technology for impact on Board security issues. Leads technical projects. Reviews the quality, accuracy, and documentation of technical work performed by other analysts. Delegates work and reviews resource utilization and project status, design approach and final products. Recommends emerging security systems and assesses their impact on the Board and System information systems architecture and strategic directions. May assist the Manager in performing supervision of project staff. Performs on-going resource allocation and assignments in order to accommodate priorities. Participates in the development of short and long-range requirements. ,Prepares input to the unit's budget and operating plan and provides technical information to others as requested.

Position Requirements

Summary:

We are seeking a talented Principal Identity, Credential, and Access Management (ICAM) Engineer with 7 years of experience implementing access control modules and policies across multiple systems, applications, data stores and environments. These systems and applications will be deployed in the cloud and on-prem. This may constitute Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), Rule-Based Access Control (RBAC or RB-RBAC), and/or Policy-Based Access Control (PBAC), with an emphasis on RBAC/PBAC.

The ICAM Engineer will be responsible for:

RBAC and PBAC Implementation: Develop, deploy, and maintain RBAC and PBAC modules for access control, ensuring that users and entities have the appropriate permissions and privileges. Access Control Policies: Collaborate with stakeholders to define and enforce access control policies based on RBAC and PBAC principles. Identity Management: Design and manage the identity lifecycle, including provisioning, de-provisioning, and authentication processes. Access Governance: Monitor and audit access permissions to ensure compliance with security policies, industry standards, and regulatory requirements. Single Sign-On (SSO) Solutions: Integrate with existing and/or implement and maintain SSO solutions for streamlined user authentication and access management, if permitted. Integration: integrate ICAM solutions with various systems, applications, and services, ensuring seamless functionality. Troubleshooting and Incident Response: Investigate and resolve access-related issues and participate in incident response activities as needed. Documentation: Maintain detailed documentation of ICAM configurations, policies, and procedures. Security Awareness: Stay current with emerging ICAM and best practices in access management and security. Collaboration: Work closely with cross-functional teams, including IT, security, compliance, and application development teams, and others to implement and maintain ICAM solutions effectively. User Training: Provide training and support to end-users and administrators on ICAM tools and procedures.

The Senior Security Analyst (Principal ICAM Engineer) is a security engineer expert for identity, credential, and access management that will provide technical direction and leadership to collaboratively prototype, integrate, develop, and test with product teams to identify optimal ICAM enterprise solutions that meet the present and future needs of Board customers. The Senior Security Analyst (Principal ICAM Engineer) directs the coordination of a wide range of major technical, operational, and policy initiatives associated with Federal Identity, Credential, and Access Management (FICAM), cybersecurity, and related IT security policy objectives for the Federal government.

Position Requirements

FR-27 Minimal Qualifications

Requires excellent analytical ability and oral and written communication skills typically acquired by completion of a bachelor's degree in computer science or related discipline. Requires a minimum of 7 year's experience working with computer security systems. Possesses expertise in emerging technologies.

FR-28 Minimal Qualifications

Requires excellent analytical ability and oral and written communication skills typically acquired by completion of a bachelor's degree in computer science or related discipline. Requires 8 years-experience in working with computer security systems. Requires a mastery of technical knowledge of the functions and interrelationships of the major components of automation systems and technologies, including telecommunications, operating systems, and data base management systems. Possesses expertise in emerging technologies.

Remarks: Act as a technical expert/resource for the team and business partners while leading the analysis, design and development of high volume, low latency applications for mission critical systems delivering high-availability and performance to best meet customer needs. Independently write well designed, testable, efficient code to support varied and highly complex IT solutions. Provide technical leadership to other IT specialists to rapidly develop and deliver stunning solutions that meet changing business needs. Perform all necessary discovery and fact finding to fully understand highly complex business problems and opportunities and independently execute all assignments. Evaluate options to provide solution buy vs. build recommendations to management. Independently analyze and recommend solutions to development and production issues while effectively communicating to the project team, applicable vendors and/or the manager in a timely manner. Research and stay abreast of technology trends and IT best practices, with a focus on continuous learning and possible application to the business. Regularly act in a project lead capacity and/or represent the department on enterprise-wise project teams. Provide direction and assistance to less experienced team members and may oversee or coordinate work efforts as needed. Assist management with employee development initiatives, including training.

Previous large-scale engineering experience with increasing responsibilities over your career. Extensive experience as a systems engineer, architect, or consultant in a government environment. Hands on experience with identity and access management technologies from leading vendors including Microsoft, Saviynt, SailPoint, CyberArk, Entra ID, Azure AD, and Okta. Experience in the decomposition of requirements, use cases, and needs into a technical design, applying user-centric and test-driven design approaches. Strong attention to detail; highly organized. Deep understanding of both cloud and on-premises infrastructure concepts, including compute resources, networking, security, load balancing, operating systems (Linux and others), web and application servers, databases, and storage. Understanding of how to architect a system for high availability and fault tolerance. Strong oral and written communication skills with the ability to tailor your messaging to technical and non-technical audiences. Job involves independent research, implementations, and daily operational assignments. Understanding of credentials, authentication and authorization principles and design alternatives. Experience implementing Windows for Hello for Business, FIDO2 authenticators, and YubiKeys for Multifactor authentication. Diverse technical experience with Active Directory, LDAP, NLTM, Kerberos, federation assurance, Azure Active Directory, identity management, privileged accounts, application development methods, cloud security, Microsoft Office 365, and security operations. Knowledge of Domains, Forests, and organizational units (OUs) along with secure object store, users, computers, and groups in a hybrid cloud environment. Experience with integrating ICAM solutions such as IGA with data access governance tools (DAG) and data catalog solutions.

Highly Desirable:

• 7 years of work experience as an ICAM engineer with a focus on identity as a perimeter or related ICAM leadership role, best practice Identity Governance Administration (IGA), Identity Credentialing Access Management (ICAM) or similar experience that is directly transferable.

• Security enterprise architecture mindset with business acumen

• Certification and/or experience with identity governance & administration (IGA) and identity provider technologies (IdP) with Saviynt, SailPoint, Azure AD, Okta, and Entra ID, etc.

• Certifications and/or Experience with Privileged Access Management (PAM) technologies including Saviynt, CyberArk, Thycotic, Symantec, etc.

• Experience with FIDO2 and phishing-resistant authenticator methods such as YubiKey, windows for hello for business, etc.

• Cloud Solutions Engineer certifications preferred - including Azure, AWS, etc.

• Certifications in CIAM, CSEIP, CISSP, or general identity management specific

• Deep understanding of standards based and service-oriented architectures for Identity and Access Management (IAM)

• Deep understanding of cloud capabilities for each area: Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service

• Deep understanding of Zero Trust Reference Architecture

This position is hybrid, requiring a combination of telework and in-office presence in Washington, DC. #J-18808-Ljbffr