OverviewGovCIO is currently hiring a highly experienced SME Systems Engineer to support critical Identity, Credential, and Access Management (ICAM) modernization activities for the U.S. Coast Guard (USCG). This technical role focuses on designing, engineering, and executing secure, identity-centric access control frameworks across legacy and modern enterprise architectures. This position will be located in Alexandria, VA, and will be a hybrid position.
Responsibilities
The SME Systems Engineer / ICAM Engineer will serve as a primary technical authority for the enterprise identity management and access control framework. Core responsibilities include:
- Lead Modernize legacy access controls into robust, secure ICAM solutions.
- Manage enterprise directories, federation, authentication, authorization, and SSO protocols.
- Architect identity lifecycles, user provisioning workflows, and privilege management controls.
- Design and deploy strict Zero Trust identity principles (NIST SP 800-207) across network hubs.
- Configure and manage enterprise-grade PKI systems, credentials, and authenticators.
- Implement logical and physical access control systems, including MFA, SSO, and PAM.
- Build federated identity services to enable secure interoperability with mission partners.
- Conduct technical root cause analysis, privilege audits, and system performance tuning.
- Develop custom technical interfaces, architectures, data flows, and compliance documentation.
- Provide advanced engineering and architecture ownership across one of the following specializations:
- Microsoft Entra: Own tenant architecture, Entra Connect Sync, conditional access, and Entra ID Governance (PIM/Access Reviews).
- Power Platform & Automation: Lead MPM/PUMP applications and migrate legacy scripts to cloud-native solutions (Power Automate, Logic Apps, Azure Functions).
- Azure AD B2C (CIAM): Manage the CIAM platform lifecycle, custom policies, user flows, and external application integrations.
- Cloud Credential & PKI: Engineer DigiCert platforms and cloud HSMs; plan Yubikey integration to meet NIST AAL3 standards.
- Governance, Reporting & Analytics: Build Power BI compliance dashboards and develop advanced KQL queries for audits and threat hunting.
- ICAM Enterprise Architecture: Design the hybrid identity strategy (on-premises AD and Entra ID integration) and Domain Controller lifecycle.
Qualifications
High School with 10+ years (or commensurate experience)
Required Skills & Experience
- Certifications: DoD 8570 IAT Level II or higher (e.g., Security+ CE, CySA+, or vendor-specific identity certifications).
- Deep technical understanding of federated identity concepts, including SAML, OAuth, OIDC, and Active Directory / LDAP architecture.
- Hands-on engineering experience managing Smart Card / Common Access Card (CAC) authentication and PKI certificate validation.
- Proven experience designing and applying federal Zero Trust identity guidelines (NIST SP 800-207) within enterprise networks.
Clearance Level: Must have an active Secret clearance
Preferred Skills & Experience
- Prior experience supporting U.S. Coast Guard (USCG) or Department of Homeland Security (DHS) identity management programs.
- Familiarity with integrating data governance frameworks with ICAM solutions to enforce data-level access controls.
- Direct experience with enterprise identity tools such as SailPoint, Okta, Microsoft Entra ID, Ping Identity, DigiCert, or Power BI.
- Advanced knowledge of RESTful API authorization protocols, secure gateways, and data schema security standards.
Posted Salary RangeUSD $135,000.00 - USD $172,000.00 /Yr.