Posted today
Top Secret/SCI
IT - Security
Tampa, FL (On-Site/Office)
Located at MacDill AFB in Tampa, Florida. Candidates must hold an active TS/SCI clearance.
Key Responsibilities (Hands-on Implementation):
Identity Provider and Authentication Management:
● Microsoft: Design, build, test, and deploy Microsoft Entra ID Conditional Access policies to enforce Zero Trust principles for access to cloud resources in Azure and AWS. Configure and maintain Certificate-Based Authentication (CBA) for CAC/PKI. Manage and troubleshoot the on-premises ADFS environment for legacy application support.
● Ping Federate: Configure and manage the Ping Federate platform as an enterprise federation gateway. Onboard new applications for Single Sign-On (SSO) using SAML and OIDC. Build and maintain authentication policies to enforce strong, phishing-resistant MFA.
Privileged Access Management (PAM):
● Delinea: Perform the hands-on onboarding of all privileged user, service, and application accounts into the Delinea vault.
● Configure and enforce Delinea policies for credential rotation, session recording, and monitoring.
● Build and implement Just-in-Time (JIT) and Just-Enough-Administration (JEA) access request and approval workflows to eliminate standing privileges.
Identity Governance and Administration (IGA):
● SailPoint: Implement and configure the automation of the Joiner-Mover-Leaver (JML) identity lifecycle process, replacing manual, ticket-based systems.
● Build and maintain the enterprise access catalog in SailPoint to replace the manual IMT48 form with an automated, workflow-driven request and approval system.
● Configure and execute periodic access certification campaigns for critical applications and privileged roles.
AD and Linux Identity Management:
● One Identity ARS: Use the Active Roles console to implement secure, delegated administration for Active Directory, creating policies to automate user/group lifecycle tasks.
● Red Hat IdM: Centrally manage authorization policies for the Linux estate, defining Host-Based Access Control (HBAC) rules and sudo policies to control access to RHEL servers.
Qualifications and Technical Skills:
Required:
● Deep, hands-on experience with at least one of the following core platforms: Microsoft Entra ID, an enterprise PAM solution (e.g., Delinea), or an enterprise IGA solution (e.g., SailPoint).
● Strong understanding of core identity security principles, including least privilege, MFA, JIT/JEA, and RBAC/ABAC.
● Experience with Active Directory administration and group policy management.
● Ability to implement and troubleshoot complex security policies within enterprise tools.
● DoD 8140 Compliance (IAT Level II)
Journeyman
● Education: BA/BS or MA/MS
● Years Exp: 3-10
● A Journeyman labor category has 3 to 10 years of experience and a BA/BS or MA/MS degree. A Journeyman labor category typically performs all functional duties independently.
Senior
● Education: MA/MS
● Years: 10+
● A Senior labor category has over 10 years of experience and an MA/MS degree. A Senior labor category typically works on high-visibility or mission-critical aspects of a given program and performs all functional duties independently. A Senior labor category may oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.
SME
● A Subject Matter Expert is an individual whose qualifications and/or particular expertise are exceptional and/or highly unique. Subject Matter Experts do not have specific experience/education qualifications, but are typically identified as recognized industry leaders for a given area of expertise. Subject Matter Experts typically perform the following kinds of functions: Initiates, supervises, and/or develops requirements from a project's inception to conclusion for complex to extremely complex programs; Provides strategic advice, technical guidance and expertise to program and project staff; Provides detailed analysis, evaluation and recommendations for improvements, optimization development, and/or maintenance efforts for client-specific or mission-critical challenges/issues; Consults with client to define need or problem, supervises studies, and leads surveys to collect and analyze data to provide advice and recommend solutions.
Preferred:
● Microsoft Certified: Identity and Access Administrator (SC-300).
● Delinea Certified Administrator.
● SailPoint Certified IdentityNow Engineer.
● Ping Certified Professional.
● Experience with Red Hat IdM policy management.
The company is an equal opportunity/affirmative action employer. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age, or genetic information.