user avatar

Identity and Access Management/ABAC Architect - Suitland, MD

FGS, LLC

Posted today

Job Requirements

Suitland, MD
Secret Polygraph Unspecified
Career Level not specified
$170,000 - $180,000

Job Description

Regular, Full Time


:


FGS is seeking an experienced Identity and Access Management (IAM) / Attribute-Based Access Control (ABAC) Architect to lead the design, implementation, and modernization of enterprise identity and access management capabilities supporting Department of Defense and Intelligence Community customers.

The successful candidate will serve as the technical authority for Identity, Credential, and Access Management (ICAM) architecture, enabling secure access to enterprise applications, cloud environments, mission systems, and cross-domain services while supporting Zero Trust Architecture initiatives.

This position is responsible for designing scalable authentication, authorization, federation, privileged access management, and attribute-based authorization solutions that meet Federal cybersecurity requirements while improving operational efficiency and user experience.

The architect will work closely with enterprise architects, cybersecurity engineers, cloud architects, system administrators, application developers, and government stakeholders to ensure identity services are securely integrated across hybrid cloud and on-premises environments.

  • Design and maintain enterprise Identity, Credential, and Access Management (ICAM) architectures supporting DoD and Intelligence Community missions.
  • Develop and implement Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) solutions aligned with Zero Trust principles.
  • Architect secure authentication, authorization, federation, and Single Sign-On (SSO) capabilities using technologies such as SAML, OAuth 2.0, OpenID Connect, PKI, CAC/PIV, and Multi-Factor Authentication (MFA).
  • Design hybrid identity solutions integrating on-premises infrastructure with cloud platforms including Microsoft Entra ID (Azure AD), AWS, and other enterprise identity providers.
  • Develop identity governance, privileged access management (PAM), account lifecycle management, and automated provisioning/deprovisioning processes.
  • Collaborate with cloud architects, cybersecurity engineers, network architects, and application teams to integrate secure identity services across enterprise systems.
  • Ensure IAM solutions comply with DoD Zero Trust Strategy, RMF, NIST SP 800-53, NIST SP 800-63, CNSSI 1253, and applicable federal cybersecurity requirements.
  • Support Authority to Operate (ATO) activities by developing architecture documentation, security designs, implementation guidance, and technical recommendations.
  • Conduct identity security assessments, evaluate emerging technologies, recommend improvements, and mentor junior technical staff on IAM and Zero Trust best practices.

  • U.S. Citizenship.
  • Active Secret clearance and ability to qualify for and obtain a TS/SCI.
  • Bachelor's degree in computer science, Cybersecurity, Information Systems, Engineering, or a related field (or equivalent combination of education and experience).
  • Minimum of eight (5) years of experience designing, implementing, and supporting enterprise Identity and Access Management (IAM) solutions, including Identity Governance, Federation, Privileged Access Management (PAM), RBAC, and ABAC.
  • Experience implementing enterprise authentication technologies, including Active Directory, Microsoft Entra ID (Azure AD), LDAP, PKI, CAC/PIV, SAML, OAuth 2.0, and OpenID Connect.
  • Working knowledge of Zero Trust Architecture, Identity, Credential, and Access Management (ICAM), and cloud identity services within hybrid or cloud environments.
  • Experience supporting DoD or Intelligence Community customers and familiarity with RMF, NIST SP 800-53, NIST SP 800-63, and other federal cybersecurity standards.
  • Strong analytical, problem-solving, and communication skills with the ability to develop technical documentation and collaborate effectively with cross-functional teams.
  • Ability to obtain and maintain a Secret security clearance.
  • Active DoD 8570/8140 baseline certification such as:
    • CISSP, Security+ CE, CASP+, CCSP, GSLC, Equivalent approved certification

  • Active Top Secret or TS/SCI clearance.
  • CISSP certification.
  • Certified Identity and Access Manager (CIAM).
  • Microsoft Certified: Identity and Access Administrator.
  • Microsoft Certified: Cybersecurity Architect Expert.
  • Certified Cloud Security Professional (CCSP).
  • AWS Security Specialty.
  • Azure Security Engineer Associate.
  • Experience with SailPoint, Ping Identity, Okta, ForgeRock, CyberArk, Delinea, BeyondTrust, or similar enterprise IAM platforms.
  • Experience supporting eMASS, ATO packages, and RMF assessments.
  • Experience implementing DoD Enterprise ICAM initiatives.
  • Knowledge of ABAC policy engines such as XACML or Open Policy Agent (OPA).
  • Experience supporting hybrid cloud or multi-cloud enterprise environments.
  • Experience automating identity workflows using PowerShell, Python, or REST APIs.

  • Bachelor's degree in computer science, Cybersecurity, Information Systems, Engineering, or a related field (or equivalent combination of education and experience).
  • Active Secret clearance and ability to qualify for and obtain a TS/SCI.

  • Typical office environment.
  • Must be able to sit or stand at a workstation for extended periods.
  • Occasional standing while working in server rooms or at patch panels.
  • Must be able to lift and move moderately heavy equipment (e.g., routers, switches, servers) typically up to 30-50 pounds.
  • Manual Dexterity required for connecting cables, configuring devices, and handling small tools or components.
  • Must be able to view computer screens for long periods.
  • Ability to distinguish color-coded documents, cabling, and indicator lights.
  • Must be able to climb ladders or crawl in tight spaces for cable runs or equipment installation.
  • May require walking between different buildings or workstations.
  • Must be able to communicate clearly with technical teams and end-users.
  • May need to hear alarms, server beeps, or equipment noises indicating issues

This position description is not intended as, nor should it be construed as, exhaustive of all responsibilities, skills, efforts or working conditions associated with this job. This and all positions are eligible for organization-wide transfer. Management reserves the right to assign or reassign duties and responsibilities at any time.

Company Overview: FGS, LLC is an international, leading-edge provider of technical services to include Secure Information Systems, Security and Engineering and Intelligence Analysis. Our turn-key solutions include design, engineering, deployment operations, and sustainment of secure technology and critical infrastructure for the protection and safety of our customers' mission-critical information, processes, and personnel. Demonstrating an unyielding commitment to our customers, superior trust and dedication with our partners, and leading-edge technical expertise over the past seven years, FGS has experienced explosive growth providing superior services throughout the world, from North America and the Pacific Rim to the Middle East and Europe.

FGS provides secure, leading-edge technology and process management services to military, government, and commercial clients worldwide.

FGS offers a generous compensation package including health, dental, vision, 401(k), group life insurance, educational reimbursement, among other benefits.

We value our employees and strive to offer many opportunities for professional growth.


FGS, LLC is an Equal Opportunity Employer as to all protected groups, including protected veterans and individuals with disabilities
group id: 10203515

Similar Jobs


Job Category
IT - Security
Clearance Level
Secret
Employer
FGS, LLC