ICAM Architect

** Description*
* SAIC is seeking a highly skilled and motivated 
** ICAM Architect**  to design, implement, and optimize advanced 
** Identity, Credential, and Access Management (ICAM)**  solutions for a mission-critical enterprise IT environment. This position will support our  
** MAJESTIC Joint Program Office (JPO) Team
** and requires an experienced professional with in-depth knowledge of ICAM architecture and compliance with federal identity and access management standards, such as 
** FICAM**  and 
** Zero Trust Architecture**  principles.

As the ICAM Architect, you will lead efforts to develop secure, scalable, and interoperable identity systems. The role requires expertise in integrating identity and access control solutions across on-premises, hybrid, and cloud environments. The ICAM Architect will collaborate with cross-functional teams to enforce proper access controls, enhance system security, and align with mission priorities, ensuring only properly credentialed individuals have access to critical resources.

All work must be performed on-site in 
** Springfield, VA** .

*
* Key Responsibilities:

*
* + Design and implement ICAM architectures that align with mission needs, Zero Trust principles, and compliance with FICAM.

+ Develop workflows for identity lifecycle management, including provisioning, deprovisioning, and secure credentialing (e.g., PKI, PIV, CAC).

+ Integrate on-premises, hybrid, and cloud identity solutions, leveraging technologies like SAML, OAuth, OpenID Connect, and LDAP.

+ Deploy and manage SSO, MFA, and Privileged Access Management (PAM) solutions to enhance authentication and access security.

+ Optimize secure access to applications and resources by designing RBAC/ABAC models and automating workflows with tools like Ansible, Terraform, or Power Shell.

+ Monitor identity systems using tools like Splunk or other SIEM platforms to detect and respond to threats and anomalies.

+ Collaborate with cross-functional teams to ensure seamless integration of ICAM systems into broader IT environments.

+ Provide technical briefings, metrics, and status updates for leadership while maintaining comprehensive technical documentation.

** Qualifications*
* *
* Education:

*
* + Bachelor's Degree

** Certifications (CWF Requirements):*
* + Candidates must satisfy Cybersecurity Workforce Framework (CWF)  ***
* ** 43 (Network Analyst - Intermediate Level)**  requirements, as outlined by Navy COOL (https://(Use the "Apply for this Job" box below).?

CWFModel) .

This requirement can be met by possessing one or more of the following qualifying certifications:

+ CompTIA Cloud+ CompTIA Security+ GIAC Global Industrial Cyber Security Professional (GICSP)

+ GIAC Security Essentials Certification (GSEC)

+ Systems Security Certified Practitioner (SSCP)

OR This requirement can be met through:

+ A 
** Bachelor's Degree**  in Cybersecurity, Computer Science, IT, or a related field.

*
* Experience:

*
* +  
** 10**  **-15 years**  of professional experience managing and supporting enterprise-level IT environments.

** Technical

Skills:

*
* + Deep expertise in identity federation, authentication, and authorization protocols (e.g., SAML, OAuth, OpenID Connect, Kerberos).

+ Hands-on experience with Active Directory, Azure Active Directory, LDAP, and PKI-based systems.

+ Proficient in designing and implementing Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models for secure enterprise systems.

+ Skilled in deploying and managing Single Sign-On (SSO) and Multi-Factor Authentication (MFA) using tools like Okta, Duo, or Ping Identity.

+ Experienced with monitoring and detecting anomalies using identity analytics tools and SIEM platforms like Splunk.

+ Strong background in scripting and workflow automation using tools such as Power Shell, Bash, or Terraform to enhance ICAM processes.

** Preferred Certifications (In Addition to CWF Requirements):*
* + Certified Information Systems Security Professional (CISSP) or equivalent.

+ Microsoft Certified:
Security, Compliance, and Identity Fundamentals.

+ Vendor-specific certifications for identity tools such as Forge Rock, Okta, Ping Identity, or SailPoint.

+ Experience establishing…