Posted today
Secret
Unspecified
Unspecified
Macdill AFB, FL (On-Site/Office)
Athenix Special Missions is seeking an IGA Engineer (SailPoint), Zero Trust Program (USSOCOM) in MacDill Air Force Base (Tampa), Florida!
We are seeking a highly skilled Identity Governance and Administration (IGA) Engineer to join the Zero Trust execution team at U.S. Special Operations Command (USSOCOM). In a Zero Trust architecture, identity is the new perimeter, and this role is responsible for building and maintaining the "source of truth" that governs access to the Command's most critical data.
As the IGA Engineer, you will lead the implementation and configuration of SailPoint across the NIPR, SIPR, and Top-Secret networks. You will move beyond basic account provisioning to implement a sophisticated Attribute-Based Access Control (ABAC) model. You will be responsible for defining and managing the lifecycle of "Trust Attributes" (such as clearance level, training status, and job role) that are consumed by downstream enforcement tools like Microsoft Purview and Kiteworks. Your work ensures that when a user's status changes, their access to sensitive data is updated instantly-even in air-gapped environments.
Must be a U.S. Citizen
Security Clearance: Must have an Active DoD Top Secret Clearance (SCI Eligibility)
Responsibilities
Why Athenix Special Missions?
Athenix Special Missions is a world leader in designing, building, and developing realistic training exercises for Special Operations, conventional forces, and partner nations. Our experience ranges from planning individual team training events to executing 2,000-person joint exercises.
Our mission-tailored solutions include tactical and strategic training events and exercises and often integrate live forces with virtual and constructive training domains. By bringing together the right combination of subject-matter expertise, domain insight, and advanced technology, we help improve mission readiness, increase situational awareness, and enhance performance.
ASM Quality Policy: To meet or exceed our customers' expectations for quality, delivery, and service through continual improvement, striving to meet our objectives, and committing to meeting all legal and statutory requirements
Requirements
Minimum Clearance Required to Start
Required Experience & Skills ("Must-Haves")
Preferred Experience & Skills ("Nice-to-Haves")
Certifications
Equal Opportunity Employer, including disability and protected veteran status
We are seeking a highly skilled Identity Governance and Administration (IGA) Engineer to join the Zero Trust execution team at U.S. Special Operations Command (USSOCOM). In a Zero Trust architecture, identity is the new perimeter, and this role is responsible for building and maintaining the "source of truth" that governs access to the Command's most critical data.
As the IGA Engineer, you will lead the implementation and configuration of SailPoint across the NIPR, SIPR, and Top-Secret networks. You will move beyond basic account provisioning to implement a sophisticated Attribute-Based Access Control (ABAC) model. You will be responsible for defining and managing the lifecycle of "Trust Attributes" (such as clearance level, training status, and job role) that are consumed by downstream enforcement tools like Microsoft Purview and Kiteworks. Your work ensures that when a user's status changes, their access to sensitive data is updated instantly-even in air-gapped environments.
Must be a U.S. Citizen
Security Clearance: Must have an Active DoD Top Secret Clearance (SCI Eligibility)
Responsibilities
- SailPoint Architecture & Configuration: Lead the design, deployment, and ongoing management of SailPoint IdentityNow (or IIQ) to automate the full dentity lifecycle (Joiner, Mover, Leaver) across hybrid and on-premises environments.
- ABAC Attribute Management: Define and manage the schema for "Trust Attributes" (e.g., Clearance, COI, Project Codes) within SailPoint, ensuring they align with the NIST 8112 metadata standard for consumption by policy decision points.
- Air-Gapped Identity Operations: Manage the offline instance of SailPoint on the Top-Secret network, developing the workflows to import "Attribute Manifests" and ensure that identity data remains synchronized with the low-side source of truth.
- Access Certification: Configure and execute automated access certification campaigns for critical data repositories and privileged roles, ensuring compliance with DoD audit requirements.
- Role Modeling: Work with mission owners to define Technical Roles and Business Roles within SailPoint, replacing broad, static Active Directory groups with granular, policy-driven access roles.
Why Athenix Special Missions?
Athenix Special Missions is a world leader in designing, building, and developing realistic training exercises for Special Operations, conventional forces, and partner nations. Our experience ranges from planning individual team training events to executing 2,000-person joint exercises.
Our mission-tailored solutions include tactical and strategic training events and exercises and often integrate live forces with virtual and constructive training domains. By bringing together the right combination of subject-matter expertise, domain insight, and advanced technology, we help improve mission readiness, increase situational awareness, and enhance performance.
ASM Quality Policy: To meet or exceed our customers' expectations for quality, delivery, and service through continual improvement, striving to meet our objectives, and committing to meeting all legal and statutory requirements
Requirements
Minimum Clearance Required to Start
- Active Top-Secret clearance with SCI eligibility.
Required Experience & Skills ("Must-Haves")
- SailPoint Expertise: Extensive (5+ years) hands-on experience designing, implementing, and administering SailPoint (IdentityNow or IdentityIQ) in a large enterprise environment.
- Identity Lifecycle Management: Deep understanding of the Joiner-Mover-Leaver (JML) process and experience automating provisioning/deprovisioning workflows connected to HR systems and Active Directory.
- Directory Services: Strong knowledge of Active Directory, LDAP, and Azure Active Directory (Entra ID) structures and management.
- Governance Principles: Proven experience with Role-Based Access Control (RBAC) modeling, Separation of Duties (SoD) policy creation, and access certification campaigns.
- Journeyman
- Education: BA/BS or MA/MS
- Years Exp: 3-10
- A Journeyman labor category has 3 to 10 years of experience and a BA/BS or MA/MS degree. A Journeyman labor category typically performs all functional duties independently.
- Senior
- Education: MA/MS
- Years: 10+
- A Senior labor category has over 10 years of experience and a MA/MS degree. A Senior labor category typically works on high-visibility or mission critical aspects of a given program and performs all functional duties independently. A Senior labor category may oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.
Preferred Experience & Skills ("Nice-to-Haves")
- Experience implementing Attribute-Based Access Control (ABAC) strategies.
- Familiarity with DoD Identity, Credential, and Access Management (ICAM) reference designs.
- Knowledge of integration protocols such as REST, SCIM, and SOAP.
- Experience supporting USSOCOM or other DoD agencies.
Certifications
- Required: CompTIA Security+ CE (or higher) to meet DoD 8570 IAT Level II requirements.
- Preferred: SailPoint Certified IdentityNow Engineer or SailPoint Certified IdentityIQ Engineer.
- Preferred: Certified Identity and Access Manager (CIAM) or CISA.
Equal Opportunity Employer, including disability and protected veteran status
group id: 10327226
