Identity Provider Engineer

• Experience with Ping Federate, Okta, or Entra ID
• Experience with SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC)
• Experience developing custom SAML, OAuth, and OIDC integrations and troubleshooting protocol exchanges
• Experience with languages used for identity platform development and automation such as Java, JavaScript, Python, PowerShell, or Groovy
• Experience working with RESTful APIs to integrate identity providers with external applications and automate identity lifecycle processes
• Experience integrating and synchronizing with Active Directory (AD) or LDAP
• Knowledge of Zero Trust architectures and implementation of password-less authentication or multifactor authentication (MFA) within the IdP environment
• Ability to resolve complex identity and federation issues, including token validation errors, assertion mismatches, and connectivity problems
• Active TS/SCI clearance; willingness to take a polygraph exam
• HS diploma or GED

Nice If You Have:

• Experience with Ping Identity Suite tools, including development using PingFederate, PingAccess, PingDirectory, or PingOne with custom workflows and scripting
• Experience building or enhancing automated user lifecycle management using System for Cross-domain Identity Management protocols
• Experience integrating identity provider code and configurations into DevOps and CI/CD pipelines for automated build and deployment workflows
• Knowledge of advanced Okta development features such as Okta Workflows, Custom Authorization Servers, Inline Hooks, and Okta APIs for enhanced platform customization
• Knowledge of compliance and regulatory standards such as NIST, FedRAMP, HIPAA, or other frameworks relevant to identity management solutions
• Knowledge of cloud identity platforms such as AWS Cognito, Azure AD B2C, or Google Cloud Identity
• Possession of excellent verbal and written communication skills
• TS/SCI clearance with a polygraph
• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $86,800.00 to $198,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date.

Identity Statement

As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.

You know that the user is the last frontier for cybersecurity. It's where the perimeter is drawn, and securing identities is pivotal in the fight against cybercriminals. As an Identity and Access Management (IAM) specialist, you have the skills and experience to keep hackers from taking data and breaking processes. We're looking for someone like you to help our clients meet their missions without disruption. As an Identity Provider Engineer at Booz Allen, you'll play a critical role in the world of identity and access management and zero trust. In this role, you'll support large-scale IAM projects for our clients. You'll interface with stakeholders and engineering teams to delve into the details and dependencies of critical processes and users' roles within them. You'll analyze the identity lifecycle, articulating access requirements and defining enterprise identity records. You'll use your experience in IAM to design, deploy, and support systems that verify appropriate user privileges and manage credentials for accessing our clients' most valuable assets. From single sign-on to privileged access systems, you'll have the chance to implement enterprise-class solutions and stop adversaries in their tracks. Join us. The world can't wait., AI is a part of our daily work at Booz Allen, and we are committed to the responsible and ethical use of AI tools. However, we want to ensure a fair candidate process based on your own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) or other tools to assist with responses during interviews (whether in-person or virtual) is prohibited unless permission is explicitly provided. Work Model Our people-first culture prioritizes the benefits of collaboration, whether it occurs in person or virtually. To support engagement and effective communication, employees working virtually are generally expected to have their cameras on during meetings. * Remote: If this position is listed as remote, there may still be occasions when you are required to work in person at a Booz Allen or customer facility. * Hybrid: If this position is listed as hybrid, you will be expected to work from a Booz Allen facility frequently, in alignment with leadership expectations and the needs of the role. You may also be required to work from or visit a customer facility. * Onsite: If this position is listed as onsite, work will primarily be performed at a Booz Allen office or customer facility, where employees will collaborate directly with colleagues and customers as required by the role.