ICAM SME​/Engineer

Job #3035727

Apex Systems is seeking an Identity Credential and Access Management (ICAM) Subject Matter Expert (SME)/Engineer to work in our Ft. Meade, MD office in an onsite capacity.

ECS is seeking an ICAM SME/Engineer (ICAM SME/E) to support robust Impact Level (IL) 5 and IL6 programs in an operational DoD environment that houses multiple U.S. Coalition Mission Partner Environments (MPE). The ICAM SME/E will serve as the Ping Identity SME displaying expertise with Ping Federate and Ping Directory. You will help clients understand emerging technical solutions relative to client policies and operational requirements and apply analytical and innovative strategies to develop solutions to address client needs.

The candidate will contribute to technical artifacts and thought leadership for IAM tools relating to Credential Management, Public Key Infrastructure, Alternate Credentials, Directory Services, Authentication solutions, and ICAM integrations.

This position is a demanding, high-energy role that requires innovative ideas to manage identities, credentials, and access across Mission Partner Environments (MPE). The ideal candidate has advanced technical acumen and essential soft skills including analytical thinking, problem solving, communication, and proven leadership abilities. The ICAM SME/Engineer reports to the Senior Technical Program Manager and collaborates closely with the Engineering team.

• Serve as the ICAM SME for Azure based DOD environments.
• Implement, maintain, and optimize enterprise systems in alignment with organizational standards and SOPs.
• Monitor and manage all installed systems, infrastructure, and directory services.
• Configure, test, and maintain operating systems, application software, and system management tools.
• Evaluate existing systems and provide technical guidance to IT support teams.
• Lead the development and integration of customized software and hardware solutions.
• Plan and implement automation to improve operational efficiency.
• Design and maintain security controls to ensure data integrity and system protection.
• Ensure high availability of technical resources and maintain accurate system inventories.
• Provide timely reporting and rapid response to system issues or outages.
• Support the development and enhancement of the client’s Enterprise Directory, including LDAP schema design, object classes, attributes, queries, and group structures.
• Develop directory integration solutions across directory and database systems.
• Configure and support enterprise Identity Management systems, including role based access, segregation of duties, workflow automation, and periodic access reviews.
• Review and implement ICAM integration requirements with adherence to an organization’s mission, goals, and standards.
• Experience working in client services environments and engaging with both business and technical stakeholders.
• Prepare technical standards, provide technical advice and guidance, and collaborate with other programmers to conceptualize and develop design.
• Demonstrated ability to write technical documentation, including product analysis, as-is/to-be architectures, and network and infrastructure diagrams.
• Demonstrated experience in migration of ICAM technologies, including transitioning legacy applications to innovative and best of breed solutions.
• Experience developing and briefing materials and executive summaries on ICAM architecture, implementation, and policy.
• Support security assessments, audits, and ATO activities, including documentation and control evidence related to ICAM.
• Other duties, as assigned.

• U.S. Citizen.
• Active Secret security clearance, with the ability to obtain a Top Secret security clearance.
• Ability to work 5 days/week onsite at 6910 Cooper Ave, Ft. Meade, MD with the possibility of some telework.
• Bachelor's degree in Cybersecurity, Information Security, Computer Science, or related STEM discipline.
• 10+ years of technical experience developing ICAM architectures and strategies with a wide array of products (e.g., Intercede MyID, SailPointIIQ, Okta, Cyber Ark, PKI).
• Minimum DoD 8140 IAT Level 2 certification (e.g., CompTIA Security+, CySA+, GSEC, SSCP).
• Strong Power Shell scripting experience.
• Knowledge of ADFS, Azure App Proxy, WPAD, and MFA technologies, especially Certificate Based Authentication (CBA).
• Deep knowledge of Active Directory, including:
  Domain controller maintenance and upgrades, GPO management, DNS and core AD infrastructure.
• Experience with Entra  (Azure AD), including:
  Application registrations and SSO onboarding, Intune policy management, DNS and core AD infrastructure.
• Understanding of PKI technologies (LDAP directories, HSMs, OCSP) and security best practices.
• Experience working within large federal IT infrastructures.
• Recent experience with deployment of identity and credential management solutions; knowledge of federal cybersecurity and zero trust policies, requirements and standards.
• Strong understanding stakeholder requirements and expectations,…