TS/SCI Identity Provider Engineer

Insight Global
Chantilly, United States of America
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$200K

Job location

Chantilly, United States of America

Tech stack

Microsoft Active Directory
Active Directory Federation Services
Amazon Web Services (AWS)
User Authentication
Azure
Bash
Cloud Computing
Multi-Factor Authentication
Identity and Access Management
Python
Lightweight Directory Access Protocols (LDAP)
OAuth
OpenID
Ping (Networking Utility)
PowerShell
Role-Based Access Control
OpenID Connect
Security Assertion Markup Language (SAML)
Single Sign-On
User Provisioning Software
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
Okta
Connectivity Problems

Job description

An employer in the Reston, Virginia area is seeking a TS/SCI Identity Provider Engineer for a direct-hire opportunity. In this role, the selected candidate will support large-scale Identity and Access Management (IAM) initiatives, helping clients securely manage user access and protect mission-critical systems. The engineer will work closely with stakeholders and engineering teams to understand user roles, access requirements, and identity lifecycle needs, and will design, deploy, and support IAM solutions that manage authentication, authorization, and credentials, including single sign-on and privileged access. This position will also contribute to the implementation of zero trust and identity-based security solutions to prevent unauthorized access and safeguard sensitive data. An active Top Secret clearance with SCI eligibility is required, along with a willingness to complete a CI polygraph. This role requires on-site presence five days per week. The position can sit in Reston, VA (preferred).

Requirements

Active TS/SCI clearance (must be willing to take a polygraph)
5+ years of experience with Ping Federate, Okta, Entra ID, or ADFS
Experience with SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC)
Experience with Identity federation and Single Sign-On (SSO)
Experience with access control models such as RBAC and ABAC
Experience integrating IdPs with directory services such as Active Directory (AD) and LDAP, including synchronization and authentication workflows
Knowledge of Zero Trust architectures and implementation of password-less authentication or multifactor authentication (MFA) within the IdP environment
Ability to resolve complex identity and federation issues, including token validation errors, assertion mismatches, and connectivity problems
Ability to design and operate IdP solutions across on-premises, hybrid, and cloud infrastructures, including AWS, Azure, or Google Cloud

Nice to Have Skills & Experience

Experience implementing System for Cross-domain Identity Management (SCIM) protocols for automated user provisioning and lifecycle management between identity providers and applications
Experience with advanced platform features such as Okta Workflows, Ping Identity Suite advanced policy scripting, adaptive authentication, and the development of custom login pages
Experience with scripting languages such as Python, PowerShell, or Bash to automate IdP configuration, monitoring, and remediation tasks
Knowledge of cloud-native IAM services, including Azure Active Directory, AWS IAM, or Google Cloud Identity
TS/SCI clearance with a polygraph

Benefits & conditions

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.
