Join our talent network

Job #: R-00003140
Location: Lorton, VA
Category: Info Security
Schedule (FT/PT): Full time
Travel Required: Yes, 10% of the time
Shift: Day
Potential for Telework: No
Clearance Required: Top Secret
Referral Eligibility: Eligible
Group: Civil

Job Description:

As a Senior Identity & Access Management (IAM) engineer, you will report directly to the Security Services Manager. Your senior technical and engineering expertise will be critical for contributing to a PKI team for implementing and supporting the programs Identity & Access Management program architecture, infrastructure, capabilities, components and standards. Specifically, you will be responsible for contributing to and in cases leading engineering activities for PKI, Enterprise SHA-1 to SHA-2 testing and implementation, PKI Reporting, PKI/IAM service development, service integration, implementation and operations of all program-wide PKI services. This position collaborates closely with core services architects, engineers, and service providers to implement the PKI/IAM Program modernization efforts for the program. Familiarity with DISA PKI Governance and CSP required. Our ideal candidate will be an emerging technical leader and highly knowledgeable with a demonstrable history with the following:
  • Modern approaches to IT service-oriented architectures and applications. Specifically, substantial experience with implementing services and applications in a hybrid computing environment.
  • Services based Integration of role-based access control, Active Directory, LDAP, Single Sign-On, End-User provisioning, Department of Defense identity and access governance, and identity data synchronization services with existing applications and systems.
  • API Gateways, Enterprise Directories, Enterprise Databases, SSO and Access Management systems, and identity federation protocols.
  • Scripting languages such as PowerShell, JavaScript, Beanshell, LUA, and Groovy.
  • SQL scripting in a large data base environment.
  • Programming languages such as C, C++, Go, and Java - desired.
  • Leading mentorship exercises for junior level IAM engineers.
  • To ensure that essential services are provided program community, the employee will be required to work outside their regular working hours as needed.


Qualifications: Overall Identity and Access Management Qualifications
  • BS in computer science or related discipline with 12 years of years of experience; or an Associates degree with 16+ years of experience. Equivalent work experience may be substituted in lieu of a degree.
  • Significant experience in understanding, leading, and implementing engineering efforts against technical IAM architecture designs across six major capability areas:
  • Identity Lifecycle Management
  • Identity Data Models
  • Access Lifecycle Management
  • Runtime Enforcement
  • Credential Management
  • Identity Federation


* Extensive history of leading engineering contributions to enterprise IAM deployments in a senior or equivalent engineering role. Significant deployment experience must include a minimum of four or above of the following IAM solutions:
  • Identity Governance and Administration ( IGA) for aggregating application and system data for access certification.
  • Identity Lifecycle Management and user provisioning/de-provisioning.
  • Single Sign On ( SSO) integration and session management for multiple web and cloud applications.
  • Identity Federation ( SAML) configuration and integration across multiple trusted third parties, applications, and systems.
  • Directory ( LDAP) service implementation and integration for identity data consumption by applications and systems.
  • Multi Factor Authentication ( MFA) such as Duo security integration into the authentication, authorization, and single sing on process for applications and systems.
  • API security and API integration with IAM systems for sharing identity contexts.


* Extensive and deep knowledge in identity and access data correlation, normalization and building of cohesive identity and access data models for large enterprises.
  • Significant and demonstrable history with complex Identity and Access Management integration and service delivery use cases and requirements.
  • Has experience in working with software development disciplines (i.e. DevOps) including previous hands on development experience with a programming language such as C, C++, or Java.
  • Excellent and demonstrable experience with relational database management systems (i.e. Oracle, SQL Server) including significant experience with writing SQL extracts, development of custom views and stored procedures.
  • Expert knowledge in IT, service-oriented architectures, software development life cycles, or information security platforms and applications.


Team Dynamics
  • Ability to work with a dynamic IA team for supporting multiple competing priorities at the same time including project work, production support and monthly governance board meetings.
  • Ability to contribute, lead, and collaborate with the Security Services Manager in establishing a growth and training program applicable for TA and RA role.
  • Very comfortable with working closely with security services stakeholders, architects, and engineers for project and program delivery milestones.
  • Possesses advanced listening skills and advanced team dynamic problem solving, root cause analysis, and resolution.
  • Has worked and lead efficient and effective IAM engineering teams of 2+ individuals in a demanding environment.
  • Proven and demonstrable performance in critical thinking and usage of innovative thinking for enhancing engineering team capabilities and providing solutions for new challenges, issues, and requirements.


Desired Assets:
  • 5+ years experience in integrating security and IAM products in mid to large enterprises.
  • 3+ years working knowledge of DevOps, CI/CD pipelines, and application containerization.
  • 4+ years of experience across a variety of technologies such databases, directory services, application servers, network infrastructures, Linux operating systems, and an understanding of fundamental security and data flows within these components.
  • 4+ years of experience with identity management products such as One Identity, SailPoint, IBM, CA and/or Oracle Identity Manager ( OIM) - desired.
  • 4+ years of experience with Access Management and Federation products such as ForgeRock OpenAM, IBM Security Access Manager, or Oracle Access Manager.
  • 3+ years of experience with requirements, design, implementation, integration, and testing for IAM component integration into on-premise and cloud-based applications.
  • 3+ years of experience with managing and operating Unix or Linux based operating systems.
  • 3+ years of experience with object-oriented program languages (C++, Java, C#).
  • 3+ years of web services development and implementation experience.
  • 3+ years experience with XML, REST, or JSON.
  • Excellent verbal and written communication skills.
  • Desired Certifications
  • CISSP highly preferred.


Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 32,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.19 billion for the fiscal year ended December 28, 2018. For more information, visit www.Leidos.com .

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here .

Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to spam.leidos@leidos.com .

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.

Talent Community

Join our Talent Community to create a profile, enabling a streamlined application process and to help our recruiters better understand your areas of expertise and interest.

Join our Talent Community