Identity, PKI & Access Engineer

VT-ARC is seeking a Senior to Staff level Identity, PKI and Access Engineer to support identity engineering, Zero Trust-aligned access, PKI, certificate lifecycle management, SSO, OIDC, secrets management, and secure service integration for mission-critical programs within TS/SCI environments.

This role is focused on identity engineering across the full implementation lifecycle, from requirements interpretation and architecture input through detailed design, implementation planning, integration, validation, documentation, and transition to operations. The role supports identity and access capabilities across enterprise, application, platform, network, container, and mission environments, including internet-connected, classified, multi-enclave, and air-gapped settings.

The Identity, PKI and Access Engineer will coordinate closely across technical teams and individual contributors to ensure secure identity management and access delivery. You have a mission focus and take pride in building systems the right way and supporting them end-to-end., * Support end-to-end identity engineering activities, including architecture input, detailed design, implementation planning, integration, validation, and operational transition.

• Design, implement, integrate, and modernize identity, SSO, PKI, certificate lifecycle, federation, access control, and secrets management capabilities in classified and high-assurance environments.
• Engineer secure authentication and authorization patterns using OIDC, OAuth 2.0, SAML, LDAP/LDAPS, Kerberos, mTLS, RBAC, ABAC, and related identity technologies.
• Implement and support identity platforms and integrations involving Entra ID, Keycloak, Active Directory, certificate authorities, cert-manager, secrets managers, container security platforms such as Aqua Security, and related tools.
• Support certificate issuance, renewal, rotation, revocation, trust store management, mTLS enablement, service identity, and application certificate dependencies.
• Coordinate identity and secrets management dependencies across application, platform, cloud, network, UC, crypto, cybersecurity, and operations teams.
• Develop identity implementation plans, integration diagrams, certificate inventories, secrets management procedures, test procedures, and operational support documentation.
• Support Zero Trust-aligned access controls, least privilege, privileged access dependencies, auditability, and secure service-to-service communication.
• Support RMF, ATO, STIG, vulnerability remediation, control inheritance, and cybersecurity compliance activities for identity and access services.

You are an identity engineer with deep experience implementing and integrating identity, access, certificate, PKI, federation, SSO, and/or secrets management capabilities in secure enterprise environments.

You bring hands-on depth with identity providers, certificate lifecycle management, OIDC, OAuth 2.0, SAML, PKI, certificate authorities, cert-manager, Entra ID, Keycloak, secrets platforms, service identities, and secure access patterns. You understand how identity, certificates, and secrets support Zero Trust-aligned architecture across both connected and air-gapped environments.

You are adaptable and comfortable working across cybersecurity, application, platform, cloud, network, UC, crypto, and operations teams to ensure identity capabilities are secure, interoperable, validated, documented, and operationally supportable. You have a mission focus and take pride in building systems the right way and supporting them end-to-end., * Demonstrated senior-level experience implementing and supporting enterprise identity, PKI, certificate management, SSO, federation, or secrets management capabilities.

• Hands-on experience with technologies such as Entra ID, Keycloak, Active Directory, LDAP/LDAPS, OIDC, OAuth 2.0, SAML, PKI, certificate authorities, cert-manager, or equivalent identity platforms.
• Strong practical knowledge of certificate lifecycle management, trust chains, mTLS, service identities, access control, token-based authentication, secrets rotation, and identity troubleshooting.
• Experience supporting classified, TS/SCI, multi-enclave, internet-connected, or air-gapped environments.
• Ability to coordinate technical dependencies across cybersecurity, application, platform, network, UC, crypto, cloud, and operations teams.
• Experience supporting RMF processes, ATO documentation, STIG compliance, security controls, or equivalent cybersecurity compliance activities for identity or platform services.
• Ability to produce clear technical documentation, diagrams, implementation guides, test procedures, certificate inventories, and operational support materials., * Experience with secrets platforms such as HashiCorp Vault, Azure Key Vault, CyberArk, Kubernetes secrets, or equivalent secure secrets management technologies.
• Experience with Aqua Security or equivalent container/cloud-native security tooling, including certificate, secrets, and workload identity integrations.
• Experience with HSMs, private CAs, offline roots, cross-certification, certificate policy, or high-assurance PKI operations.
• Professional certifications such as Security+, CISSP, Microsoft identity credentials, Kubernetes credentials, cloud security credentials, or equivalent technical credentials.
• Experience with Zero Trust architecture, privileged access management, conditional access, device posture, workload identity, and service mesh identity patterns.
• Familiarity with DoD identity, credential, and access management requirements, STIGs, FIPS dependencies, and secure enclave integration.

Security:

• Must be a U.S. Citizen
• Active Top Secret/SCI clearance is required

Competitive Salary: VT-ARC offers a competitive salary and benefits package designed to attract and retain senior technical talent supporting mission-critical programs.

Salary: $185,000-$220,000/yr., based on skills, experience, clearance, technical depth, and mission alignment.

Virginia Tech Applied Research Corporation: VT-ARC is a 501(c)(3), non-profit R&D organization affiliated with Virginia Polytechnic Institute and State University (Virginia Tech or VT). Our mission is to provide superior analytic and technology solutions across multiple domains by leveraging Virginia Techs multidisciplinary research and innovation ecosystem. With unique access to the broad and rich research enterprise found at Virginia Tech, VT-ARC forms multi-disciplinary teams to apply innovative solutions to the real-world problems that strain our social, political, industrial, and economic foundations.

VT-ARC, a technical services and applied research company, has built an organizational culture marked by four primary values: Teamwork, Integrity, Excellence, and Service. Integral to our success is our staffs enthusiasm for solving tough problems by working together in teams to get the job done. We foster a culture where every employees contribution is valued and performed with integrity while maintaining a fun work environment. VT-ARC strives for excellence in all that is done for our clients, and such achievement is recognized through service/merit awards. Moreover, we promote a sense of community larger than VT-ARC alone, where staff and institutional resources can be applied in service to our country. We are proud to be the recipient of the Best Workplace in Defense Award by Emergent Magazine, an honor that recognizes companies with positive cultures that not only impact their people but also make a meaningful difference in the community.