Identity Provider Operations Engineer

Identity Provider Operations Engineer

Identity services are foundational to modern cybersecurity and mission operations. Maintaining secure, resilient, and highly available authentication and access management systems is critical to supporting enterprise users and protecting mission systems from unauthorized access.

As an Identity Provider (IdP) Operations Engineer, you'll support the ongoing operations, maintenance, sustainment, and troubleshooting of enterprise IAM and federation services in support of Zero Trust initiatives and mission-critical environments. In this role, you'll help ensure the reliability, security, and operational readiness of authentication and federation platforms used across the enterprise.

You’ll work closely with cybersecurity teams, system administrators, network engineers, and mission stakeholders to support daily IAM operations, resolve authentication and federation issues, maintain access management services, and ensure compliance with organizational security policies and standards.

Your responsibilities will include monitoring identity systems, troubleshooting SSO and federation issues, maintaining MFA and password‑less authentication capabilities, supporting user lifecycle management processes, applying patches and configuration updates, and assisting with operational automation and service improvement initiatives. You’ll help sustain enterprise‑class identity platforms that enable secure access to critical systems and applications while minimizing operational disruptions.

• Experience administering, supporting, and maintaining identity platforms such as Ping Federate, Okta, or Entra  an enterprise operations environment
• Experience supporting and troubleshooting authentication and federation protocols including SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC)
• Experience troubleshooting SAML, OAuth, and OIDC integrations, token exchanges, assertion mismatches, and federation connectivity issues
• Experience using scripting or automation languages such as Java, JavaScript, Python, Power Shell, or Groovy to support operational tasks, automation, and maintenance activities, and with system monitoring, operational documentation, patching, and maintenance procedures for IAM services
• Experience working with RESTful APIs to support identity platform integrations, operational automation, and user lifecycle management processes
• Experience supporting integrations and synchronization with Active Directory (AD) or LDAP environments
• Knowledge of Zero Trust architectures and operational support of multifactor authentication (MFA) and password‑less authentication solutions
• Ability to diagnose and resolve complex identity and federation operational issues in production environments
• Active TS/SCI clearance; willingness to take a polygraph exam
• HS diploma or GED

• Experience supporting and maintaining Ping Identity Suite tools including Ping Federate, Ping Access, Ping Directory, or Ping One
• Experience supporting automated user lifecycle management processes using SCIM protocols
• Experience maintaining IAM platform integrations within Dev Ops or CI/CD operational environments
• Knowledge of Okta operational features including Okta Workflows, Custom Authorization Servers, Inline Hooks, and Okta APIs
• Knowledge of compliance and regulatory standards including NIST, FedRAMP, HIPAA, or related identity management frameworks
• Knowledge of cloud identity platforms such as AWS Cognito, Azure AD B2C, or Google Cloud Identity
• Possession of strong verbal and written communication skills
• TS/SCI clearance with polygraph
• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information. TS/SCI clearance is required.

The projected compensation range for this position is $86,800.00 to $ (annualized USD). Salary is determined by factors including location, experience, education, and organizational requirements. The posting will close within 90 days from the posting date.

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

Our people-first culture prioritizes collaboration. Employees working virtually are generally expected to have their cameras on during meetings.

• Remote:
  There may still be occasions when you are required to work in person at a Booz Allen or customer facility.
• Hybrid:
  You will be expected to work from a Booz Allen facility frequently, in alignment with leadership expectations and the needs of the role. You may also be required to work from or visit a customer facility.
• Onsite:
  Work will primarily be performed at a Booz Allen office or customer facility.