Job DescriptionSAIC is seeking a highly skilled and motivated
ICAM Architect to design, implement, and optimize advanced
Identity, Credential, and Access Management (ICAM) solutions for a mission-critical enterprise IT environment. This position will support our
MAJESTIC Joint Program Office (JPO) Team and requires an experienced professional with in-depth knowledge of ICAM architecture and compliance with federal identity and access management standards, such as
FICAM and
Zero Trust Architecture principles.
As the ICAM Architect, you will lead efforts to develop secure, scalable, and interoperable identity systems. The role requires expertise in integrating identity and access control solutions across on-premises, hybrid, and cloud environments. The ICAM Architect will collaborate with cross-functional teams to enforce proper access controls, enhance system security, and align with mission priorities, ensuring only properly credentialed individuals have access to critical resources.
All work must be performed on-site in
Springfield, VA.
Key Responsibilities:- Design and implement ICAM architectures that align with mission needs, Zero Trust principles, and compliance with FICAM.
- Develop workflows for identity lifecycle management, including provisioning, deprovisioning, and secure credentialing (e.g., PKI, PIV, CAC).
- Integrate on-premises, hybrid, and cloud identity solutions, leveraging technologies like SAML, OAuth, OpenID Connect, and LDAP.
- Deploy and manage SSO, MFA, and Privileged Access Management (PAM) solutions to enhance authentication and access security.
- Optimize secure access to applications and resources by designing RBAC/ABAC models and automating workflows with tools like Ansible, Terraform, or PowerShell.
- Monitor identity systems using tools like Splunk or other SIEM platforms to detect and respond to threats and anomalies.
- Collaborate with cross-functional teams to ensure seamless integration of ICAM systems into broader IT environments.
- Provide technical briefings, metrics, and status updates for leadership while maintaining comprehensive technical documentation.
QualificationsEducation: Certifications (CWF Requirements): - Candidates must satisfy Cybersecurity Workforce Framework (CWF) ID 443 (Network Analyst - Intermediate Level) requirements, as outlined by Navy COOL.
This requirement can be met by possessing one or more of the following qualifying certifications:
- CompTIA Cloud+
- CompTIA Security+
- GIAC Global Industrial Cyber Security Professional (GICSP)
- GIAC Security Essentials Certification (GSEC)
- Systems Security Certified Practitioner (SSCP)
OR This requirement can be met through:
- A Bachelor's Degree in Cybersecurity, Computer Science, IT, or a related field.
Experience: - 10-15 years of professional experience managing and supporting enterprise-level IT environments.
Technical Skills: - Deep expertise in identity federation, authentication, and authorization protocols (e.g., SAML, OAuth, OpenID Connect, Kerberos).
- Hands-on experience with Active Directory, Azure Active Directory, LDAP, and PKI-based systems.
- Proficient in designing and implementing Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models for secure enterprise systems.
- Skilled in deploying and managing Single Sign-On (SSO) and Multi-Factor Authentication (MFA) using tools like Okta, Duo, or Ping Identity.
- Experienced with monitoring and detecting anomalies using identity analytics tools and SIEM platforms like Splunk.
- Strong background in scripting and workflow automation using tools such as PowerShell, Bash, or Terraform to enhance ICAM processes.
Preferred Certifications (In Addition to CWF Requirements): - Certified Information Systems Security Professional (CISSP) or equivalent.
- Microsoft Certified: Security, Compliance, and Identity Fundamentals.
- Vendor-specific certifications for identity tools such as ForgeRock, Okta, Ping Identity, or SailPoint.
- Experience establishing ICAM within a Zero Trust Architecture (ZTA) framework.
Clearance Requirement: - Active TS/SCI clearance with the ability to obtain and maintain a TS/SCI with Poly.
Work Environment and Notes: - On-Site Work: All work must be conducted on-site in Springfield, VA.
- Program Scope: Supports on-premises enterprise IT environments, including virtualized Windows servers, MS SQL Server databases, and networking layers.
- Subcontractor Role: Responsibilities and compensation vary based on the subcontract agreement, with a competitive salary aligned to market rates and role-specific requirements.
