IAM Engineer

Design, develop, test, implement, and document workflows, integrations, and custom software to meet client requirements.

• Implement Role-Based Access Control (RBAC) frameworks and least-privileged access models based on top-down and bottom-up methodologies.

• Perform hands-on administration, implementation, and configuration of security tools to enhance the risk posture of customer networks. Tools include Okta, MS Entra, and MFA phishing-resistant tokens such as YubiKey.

• Support IAM program requirements at federal agency client sites throughout the DC metro area, working closely with customer delivery managers to prioritize daily tasks.

• Collaborate with cross-functional teams, including network engineers, security analysts, and developers, to integrate security solutions into the broader IT infrastructure. Perform work within a SAFe Agile framework.

• Develop and maintain documentation, including deployment guides, configuration and installation guides, and architecture diagrams.

• Demonstrate self-sufficiency, a growth mindset, and the ability to quickly learn new concepts while maintaining curiosity about emerging technologies.

Due to contract requirements, U.S. citizenship and successful completion of a CGI background check are required prior to beginning work. Candidates must also be able to obtain and maintain a DHS EOD/Public Trust clearance.

• Bachelor's degree in engineering or a related discipline and 1-3 years of relevant work experience.

• 1-3 years of IT solution development, configuration, testing, and implementation experience with IAM products.

• 1-3 years of experience with Okta or Entra ID, including Access Certification, Automated Provisioning, and Governance.

• Knowledge of Lightweight Directory Access Protocol (LDAP) and directory structures.

• Training or experience in process definition, workflow design, and process mapping.

• Demonstrated ability to contribute to the development of client deliverables, including technical documentation.

• Excellent verbal and written communication skills.

• Ability and initiative to set goals and execute effectively.

• Ability to work within a team environment and maintain a strong work ethic.

Desired qualifications:

• 1-3 years of consulting experience.

• Familiarity with PowerShell script development for task automation.

• Thorough understanding of Identity and Access Management (IAM), Privileged Access Management (PAM), user lifecycle management, and Identity Governance and Administration.

• Deep knowledge of SaaS platforms and cloud foundations, including scalability, multi-tenancy, security models, and integration patterns.

• Understanding of modern authentication protocols such as SAML 2.0 and OIDC/OAuth.

• Experience working within a SAFe Agile framework.

• Experience with CISA's Continuous Diagnostics and Mitigation (CDM) program., + Computer Security

CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. The determination of this range includes various factors not limited to skill set, level, experience, relevant training, and licensure and certifications. To support the ability to reward for merit-based performance, CGI typically does not hire individuals at or near the top of the range for their role. Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range for this role in the U.S. is $100,800.00 - $245,500.00.

CGI Federal's benefits are offered to eligible professionals on their first day of employment to include:

• Competitive compensation

• Comprehensive insurance options

• Matching contributions through the 401(k) plan and the share purchase plan

• Paid time off for vacation, holidays and sick time

• Paid parental leave

• Learning opportunities and tuition assistance

• Wellness and well-being programs

#CGIFederalJob

CGI is one of the largest global IT companies, with a presence in more than 40 countries and endless opportunities to grow and expand your career. As a CGI Federal member, you will have the opportunity to become a shareholder and join a family of 90,000 professionals worldwide. CGI Federal has an exciting opportunity for an IAM Engineer to join our CDM Shared Services Program. In this role, you will be part of a cybersecurity team working to improve the security posture of a wide range of agencies by identifying and mitigating cyber risks. The Junior IAM Engineer will support Identity as a Service (IDaaS) and Identity and Access Management (IDAM) services. This consultant-engineering role is responsible for performing system implementation, integration, and support activities. The IAM Engineer serves as the face of client delivery and plays a critical role in delivering services and managing day-to-day client expectations. This position is located in one of CGI Federal's offices in Fairfax, VA or Lafayette, LA; however, a hybrid working model is acceptable. You will be required to work in a CGI Federal office two days per week., Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because... You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.