Identity & Directory Management Services Senior Engineer- PKI
United States - Remote
Systems Engineering Solutions Corporation
Systems Engineering SolutionsYears of Experience: 7-12 years
Education Requirements: Bachelor’s Degree
Program Decsription: As a leading provider of advanced information technology solutions and professional services to U.S. federal government agencies, is the prime for a $807m task order in support of the General Services Administration (GSA) Office of Digital Infrastructure Technologies (IDT) DIGIT (Digital Innovation for GSA Infrastructure Technologies) task order driving digital transformation and delivering continuous
improvement and business value to its customers. The team is comprised of the best-in-class technology partners to leverage forward-leaning technologies and best practices to transform GSA’s IT capabilities and shift offerings to provide a more flexible service delivery model, completing the agency’s shift to a fully digital experience along with its adoption of advanced, emerging technologies such as intelligent automation, artificial intelligence, and machine learning.
Position Description: DIGIT is seeking an Identity and Directory Management Services (IDMS) Senior Engineer with expertise with PKI to support the design, administration, management, execution & maintenance of GSA’s Identity & Directory Management Services (IDMS) and Identity, Credential, and Access Management (ICAM) solutions to meet the needs of the enterprise users & the enterprise architecture. These services, systems, and capabilities include, but are not limited to, directory services management, ICAM, privileged account management, Single Sign-On (SSO), Active Directory (AD) Domain Name System (DNS) services, Public Key Infrastructure (PKI), Multi-Factor Authentication (MFA), auditing and log management, Continuous Diagnostics and Mitigation/Dynamic, Evolving Federal Enterprise Network Defense (CDM/DEFEND), and the management of appliances. GSA IT currently leverages Microsoft (MS) AD as the authoritative account management system.
Responsibilities:
The Identity and Directory Management Services Engineer shall perform the following (to include but not limited
to) activities:
● Manage the enterprise Key Management, Certificate Management, and PKI systems.
● Manage and maintain the GSA PKI environment, to include Microsoft Certificate Authorities and
Certificate Revocation CRL/ OCSP services.
● Extensive experience with Okta includes installation, configuration and migrations.
● Token management by using the HID Credential Management Services
● Knowledge of Hardware Security Module (HSM’s)
● Manage, administer, and support the GSA IT MFA environment with Secureauth, OKTA or similar platform
● Manage, administer, and support ICAM systems and related support activities.
● Utilize automation and role-based management to ensure availability of access and continuity of services.
● Ensure requirements are gathered, processes defined, and use cases documented.
● Test and certify new product versions, bug fix and provide detailed reports.
● Providing on-call rotation support on a routine basis.
● Identifying process improvement opportunities for review and subsequent implementation.
● Providing positive customer service interactions for all levels of the organization up to and include senior
executive staff.
● Performing root cause analysis, risk identification, and risk mitigation.
● Provide support and administration of the GSA IT AD environment, systems, and associated data.
● Continuously review and assess the GSA IT ICAM environment and provide recommendations for how to
manage and administer the environment more efficiently.
● Ensure that all Group Policy Management (GPM) changes are controlled and documented.
● Other operational support duties as assigned.
● Developing new technologies to support existing applications or creating new applications using new
technologies
● Participating in meetings with executives to discuss technical issues and propose solutions
● Collaborating with other members of the engineering team to design new features or improve existing
ones
● Escalate issues to vendor and third-party entities, as necessary and directed by the Government
Requirements
Required Skills:
● Public Trust Clearance or ability to obtain.
● ITILv4 Foundation Training and ITILv4 Foundation Certification, may be obtained within 120 days after
hire.
● Possesses and applies a comprehensive knowledge across key tasks and high impact assignments.
● Plans and leads major technology assignments.
● Functions as a technical expert across multiple project assignments.
● Design and develop solutions to complex applications problems, system administration issues, or network
concerns.
● Perform systems management and integration functions
● Proven ability to work independently in a full and/or partial remote environment with limited supervision
and may supervise/lead others.
● Possess the ability to communicate in both oral and written forms, demonstrating an ability to
communicate effectively with all levels of staff as well as clients.
● Maintain standard working hours per the DIGIT contract and to be available for meetings, and other
collaborative efforts during working hours.
● Demonstrated ability to apply comprehensive knowledge across key tasks and high impact assignments
with the ability to use practical experience and training to determine how to accomplish tasks.
Preferred Skills:
● Strong knowledge of the different identity and access management (IAM) concepts, technologies and
authentication protocols.
● Public Key Infrastructure (PKI):
o Active Directory Certificate Services (AD CS).
o HID Credential Management System (CMS).
o HID ActivClient.
o Federal PIV/CAC.
o Safenet Hardware Security Module (HSM’s).
● Identity Management services operations including but not limited to:
o SailPoint IdentityIQ
o SecureAuth
o SAML 2.0
o Forefront Identity Manager/Microsoft Identity Manager
o Active Directory Federation Services
● Active Directory including but not limited to:
o Microsoft Active Directory
o Azure Active Directory
o NetIQ DRA
o NetIQ Group Policy Administrator (GPA)
o Active Directory Lightweight Directory Services
o Vulnerability Mitigation
● Experience with Splunk engineering and administration.
● Privileged access management (PAM) systems such as CyberArk.
● Hands-on experience with cloud computing services (O365/Microsoft Azure/AWS).
● Experience with SailPoint IdentityIQ integration and operations.
● Okta certified
● Powershell, java and .NET scripting.
● An understanding of Zero Trust concepts.
● Proficiency in the Google Suite (Gmail, Calendar, Chat, Meet, Docs, Slides, Sheets), Microsoft Office
(Word, Excel, PowerPoint, Outlook), Slack, and ServiceNow.
● Must be willing to work a variety of shifts, including holidays as scheduled.
Education and Experience:
● Bachelor of Science Degree (or equivalent) and 7-12 years of experience.
● 4+ year experience working with IDMS systems.
● Experience as a remote worker demonstrating time management and self discipline with cultural change
management and Agile mindset.
Benefits
SES provides a competitive salary and the following benefits:
- Medical
- Dental
- Vision
- AD&D
- STD
- LTD
- Company paid Life Insurance
- 401k with employer contribution
- Paid Time Off
- Pet Insurance
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Active Directory Agile Artificial Intelligence Audits Automation AWS Azure Certificate management Clearance Cloud Cyberark DNS IAM Java Machine Learning Okta PKI PowerShell SailPoint SAML Scripting Splunk SSO Zero Trust
Perks/benefits: 401(k) matching Career development Competitive pay Flex hours Flex vacation Health care
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Product Security Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cloud Security Architect jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Information System Security Officer jobs
- Open Security Consultant jobs
- Open Information Systems Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Information Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Security Architect jobs
- Open CISA-related jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open GCP-related jobs
- Open ISO 27001-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open DoD-related jobs
- Open DevOps-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Vulnerability management-related jobs
- Open Security Clearance-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open SQL-related jobs
- Open PowerShell-related jobs