Identity and Access Management/ABAC Architect

FGS LLC

$170K — $180K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • U.S. Citizenship required.
  • Active Secret clearance with ability to obtain TS/SCI.
  • Bachelor's degree in computer science, Cybersecurity, Information Systems, Engineering, or a related field.
  • 5+ years experience in IAM solutions including governance and privileged access management.
  • Experience with authentication technologies like Active Directory, SAML, and OAuth 2.0.
  • Familiarity with Zero Trust architecture and hybrid clouds.
  • Strong analytical skills and ability to collaborate across teams.

Responsibilities

  • Design and maintain enterprise ICAM architectures for DoD missions.
  • Implement Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) aligned with Zero Trust principles.
  • Architect secure authentication and authorization solutions using industry standards.
  • Create hybrid identity solutions integrating on-premises and cloud environments.
  • Develop identity governance and account lifecycle management processes.
  • Collaborate to ensure secure integration of identity services.
  • Conduct identity security assessments and mentor junior staff.

Benefits

  • Comprehensive health, dental, and vision insurance.
  • 401(k) retirement plan.
  • Group life insurance coverage.
  • Educational reimbursement for continued learning.
  • Opportunities for professional growth.
Full Job Description
Requires US Citizenship Yes
Employment Term and Type:
Regular, Full Time
Required Security Clearance: (Minimum for hire) Secret with ability to obtain TS/SCI
Required Education:(Minimum for hire)Bachelor's Degree in Engineering or engineering discipline; Computer science or IT discipline; Technical discipline
Salary Band: $170,000- $180,000

Job Description:
FGS is seeking an experienced Identity and Access Management (IAM) / Attribute-Based Access Control (ABAC) Architect to lead the design, implementation, and modernization of enterprise identity and access management capabilities supporting Department of Defense and Intelligence Community customers.

The successful candidate will serve as the technical authority for Identity, Credential, and Access Management (ICAM) architecture, enabling secure access to enterprise applications, cloud environments, mission systems, and cross-domain services while supporting Zero Trust Architecture initiatives.

This position is responsible for designing scalable authentication, authorization, federation, privileged access management, and attribute-based authorization solutions that meet Federal cybersecurity requirements while improving operational efficiency and user experience.

The architect will work closely with enterprise architects, cybersecurity engineers, cloud architects, system administrators, application developers, and government stakeholders to ensure identity services are securely integrated across hybrid cloud and on-premises environments.

Primary Duties and Responsibilities:
  • Design and maintain enterprise Identity, Credential, and Access Management (ICAM) architectures supporting DoD and Intelligence Community missions.
  • Develop and implement Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) solutions aligned with Zero Trust principles.
  • Architect secure authentication, authorization, federation, and Single Sign-On (SSO) capabilities using technologies such as SAML, OAuth 2.0, OpenID Connect, PKI, CAC/PIV, and Multi-Factor Authentication (MFA).
  • Design hybrid identity solutions integrating on-premises infrastructure with cloud platforms including Microsoft Entra ID (Azure AD), AWS, and other enterprise identity providers.
  • Develop identity governance, privileged access management (PAM), account lifecycle management, and automated provisioning/deprovisioning processes.
  • Collaborate with cloud architects, cybersecurity engineers, network architects, and application teams to integrate secure identity services across enterprise systems.
  • Ensure IAM solutions comply with DoD Zero Trust Strategy, RMF, NIST SP 800-53, NIST SP 800-63, CNSSI 1253, and applicable federal cybersecurity requirements.
  • Support Authority to Operate (ATO) activities by developing architecture documentation, security designs, implementation guidance, and technical recommendations.
  • Conduct identity security assessments, evaluate emerging technologies, recommend improvements, and mentor junior technical staff on IAM and Zero Trust best practices.

Required Qualifications:
  • U.S. Citizenship.
  • Active Secret clearance and ability to qualify for and obtain a TS/SCI.
  • Bachelor's degree in computer science, Cybersecurity, Information Systems, Engineering, or a related field (or equivalent combination of education and experience).
  • Minimum of eight (5) years of experience designing, implementing, and supporting enterprise Identity and Access Management (IAM) solutions, including Identity Governance, Federation, Privileged Access Management (PAM), RBAC, and ABAC.
  • Experience implementing enterprise authentication technologies, including Active Directory, Microsoft Entra ID (Azure AD), LDAP, PKI, CAC/PIV, SAML, OAuth 2.0, and OpenID Connect.
  • Working knowledge of Zero Trust Architecture, Identity, Credential, and Access Management (ICAM), and cloud identity services within hybrid or cloud environments.
  • Experience supporting DoD or Intelligence Community customers and familiarity with RMF, NIST SP 800-53, NIST SP 800-63, and other federal cybersecurity standards.
  • Strong analytical, problem-solving, and communication skills with the ability to develop technical documentation and collaborate effectively with cross-functional teams.
  • Ability to obtain and maintain a Secret security clearance.
  • Active DoD 8570/8140 baseline certification such as:
    • CISSP, Security+ CE, CASP+, CCSP, GSLC, Equivalent approved certification

Desired Qualification:
  • Active Top Secret or TS/SCI clearance.
  • CISSP certification.
  • Certified Identity and Access Manager (CIAM).
  • Microsoft Certified: Identity and Access Administrator.
  • Microsoft Certified: Cybersecurity Architect Expert.
  • Certified Cloud Security Professional (CCSP).
  • AWS Security Specialty.
  • Azure Security Engineer Associate.
  • Experience with SailPoint, Ping Identity, Okta, ForgeRock, CyberArk, Delinea, BeyondTrust, or similar enterprise IAM platforms.
  • Experience supporting eMASS, ATO packages, and RMF assessments.
  • Experience implementing DoD Enterprise ICAM initiatives.
  • Knowledge of ABAC policy engines such as XACML or Open Policy Agent (OPA).
  • Experience supporting hybrid cloud or multi-cloud enterprise environments.
  • Experience automating identity workflows using PowerShell, Python, or REST APIs.

Education Requirements:
  • Bachelor's degree in computer science, Cybersecurity, Information Systems, Engineering, or a related field (or equivalent combination of education and experience).
Security Clearance Requirements:
  • Active Secret clearance and ability to qualify for and obtain a TS/SCI.

Physical, Work Environment & Conditions: (please update)
  • Typical office environment.
  • Must be able to sit or stand at a workstation for extended periods.
  • Occasional standing while working in server rooms or at patch panels.
  • Must be able to lift and move moderately heavy equipment (e.g., routers, switches, servers) typically up to 30-50 pounds.
  • Manual Dexterity required for connecting cables, configuring devices, and handling small tools or components.
  • Must be able to view computer screens for long periods.
  • Ability to distinguish color-coded documents, cabling, and indicator lights.
  • Must be able to climb ladders or crawl in tight spaces for cable runs or equipment installation.
  • May require walking between different buildings or workstations.
  • Must be able to communicate clearly with technical teams and end-users.
  • May need to hear alarms, server beeps, or equipment noises indicating issues

This position description is not intended as, nor should it be construed as, exhaustive of all responsibilities, skills, efforts or working conditions associated with this job. This and all positions are eligible for organization-wide transfer. Management reserves the right to assign or reassign duties and responsibilities at any time.

FGS offers a generous compensation package including health, dental, vision, 401(k), group life insurance, educational reimbursement, among other benefits.

We value our employees and strive to offer many opportunities for professional growth.

#cjpost -Information Security

Similar Jobs

More Jobs at FGS LLC

More Information Technology Jobs

Find similar Identity and Access Management/ABAC Architect jobs: