GovCIO

SME Systems Engineer (ICAM)

GovCIO$135K — $172K *
Aerospace & Defense
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • High School diploma with 10+ years of experience in relevant roles.
  • Active DoD 8570 IAT Level II certification or higher (e.g., Security+ CE, CySA+).
  • Strong understanding of federated identity concepts (SAML, OAuth, OIDC).
  • Hands-on experience with Smart Card authentication and PKI certificate validation.
  • Experience implementing Zero Trust identity guidelines (NIST SP 800-207).
  • Active Secret clearance required.

Responsibilities

  • Lead the modernization of legacy access controls into secure ICAM solutions.
  • Manage enterprise directories, federation, authentication, and authorization processes.
  • Architect identity lifecycles and user provisioning workflows.
  • Design and implement Zero Trust identity principles across network hubs.
  • Configure and manage enterprise-grade PKI systems and authenticators.
  • Establish logical and physical access control systems, including MFA and SSO.
  • Build federated identity services for secure interoperability with mission partners.

Benefits

  • Hybrid work model allowing flexibility between remote and onsite work.
  • Opportunity to work on critical projects for the U.S. Coast Guard.
  • Involvement in advanced engineering and architecture ownership.
  • Access to ongoing professional development and certifications.
  • Engagement with cutting-edge identity management technologies.
Full Job Description
Overview

GovCIO is currently hiring a highly experienced SME Systems Engineer to support critical Identity, Credential, and Access Management (ICAM) modernization activities for the U.S. Coast Guard (USCG). This technical role focuses on designing, engineering, and executing secure, identity-centric access control frameworks across legacy and modern enterprise architectures. This position will be located in Alexandria, VA, and will be a hybrid position.

Responsibilities

The SME Systems Engineer / ICAM Engineer will serve as a primary technical authority for the enterprise identity management and access control framework. Core responsibilities include:

  • Lead Modernize legacy access controls into robust, secure ICAM solutions.
  • Manage enterprise directories, federation, authentication, authorization, and SSO protocols.
  • Architect identity lifecycles, user provisioning workflows, and privilege management controls.
  • Design and deploy strict Zero Trust identity principles (NIST SP 800-207) across network hubs.
  • Configure and manage enterprise-grade PKI systems, credentials, and authenticators.
  • Implement logical and physical access control systems, including MFA, SSO, and PAM.
  • Build federated identity services to enable secure interoperability with mission partners.
  • Conduct technical root cause analysis, privilege audits, and system performance tuning.
  • Develop custom technical interfaces, architectures, data flows, and compliance documentation.
  • Provide advanced engineering and architecture ownership across one of the following specializations:
    • Microsoft Entra: Own tenant architecture, Entra Connect Sync, conditional access, and Entra ID Governance (PIM/Access Reviews).
    • Power Platform & Automation: Lead MPM/PUMP applications and migrate legacy scripts to cloud-native solutions (Power Automate, Logic Apps, Azure Functions).
    • Azure AD B2C (CIAM): Manage the CIAM platform lifecycle, custom policies, user flows, and external application integrations.
    • Cloud Credential & PKI: Engineer DigiCert platforms and cloud HSMs; plan Yubikey integration to meet NIST AAL3 standards.
    • Governance, Reporting & Analytics: Build Power BI compliance dashboards and develop advanced KQL queries for audits and threat hunting.
    • ICAM Enterprise Architecture: Design the hybrid identity strategy (on-premises AD and Entra ID integration) and Domain Controller lifecycle.
Qualifications

High School with 10+ years (or commensurate experience)

Required Skills & Experience

  • Certifications: DoD 8570 IAT Level II or higher (e.g., Security+ CE, CySA+, or vendor-specific identity certifications).
  • Deep technical understanding of federated identity concepts, including SAML, OAuth, OIDC, and Active Directory / LDAP architecture.
  • Hands-on engineering experience managing Smart Card / Common Access Card (CAC) authentication and PKI certificate validation.
  • Proven experience designing and applying federal Zero Trust identity guidelines (NIST SP 800-207) within enterprise networks.

Clearance Level: Must have an active Secret clearance

 

Preferred Skills & Experience

 

  • Prior experience supporting U.S. Coast Guard (USCG) or Department of Homeland Security (DHS) identity management programs.
  • Familiarity with integrating data governance frameworks with ICAM solutions to enforce data-level access controls.
  • Direct experience with enterprise identity tools such as SailPoint, Okta, Microsoft Entra ID, Ping Identity, DigiCert, or Power BI.
  • Advanced knowledge of RESTful API authorization protocols, secure gateways, and data schema security standards.
Posted Salary RangeUSD $135,000.00 - USD $172,000.00 /Yr.

About GovCIO

GovCIO is a technology and consulting firm that provides IT solutions to government agencies. The company specializes in cloud computing, cybersecurity, and digital transformation. GovCIO's mission is to help government agencies improve their IT infrastructure and enhance their services to the public. The company was founded in 2015 and is headquartered in Washington, DC.
Learn more about GovCIO
Size
50 employees
Industry
Founded
2015

Similar Jobs

More Jobs at GovCIO

More Aerospace & Defense Jobs

Find similar SME Systems Engineer (ICAM) jobs: