Senior ICAM Federation and App Integration Engineer

Serves as a senior technical engineer for ICAM federation, application onboarding, authentication, authorization, and integration services; designing, configuring, integrating, testing, and sustaining enterprise identity provider, single sign-on, multifactor authentication, claims, token, and API-based access management capabilities across DoD enterprise, cloud, mission, and legacy applications; supporting Zero Trust and FICAM-aligned ICAM services; and ensuring compliance with DoD, NIST, and Intelligence Community standards and frameworks., * Work with senior leadership, customers, application owners, security teams, mission partners, and operations teams to plan and execute ICAM federation and application onboarding activities using Agile methodologies.

• Integrate Okta, Ping Federate, Radiant Logic, Microsoft Entra ID, Keycloak, ForgeRock, SailPoint, Delinea, HashiCorp, and related ICAM platforms with enterprise and mission applications.
• Assess current application authentication and access management architectures; analyze alternatives and implement federation and onboarding solutions that accelerate integration with enterprise ICAM services.
• Develop and present federation designs, claims mappings, integration artifacts, test plans, technical briefings, and application onboarding demonstrations.
• Evaluate emerging federation and authentication technologies and guide engineering teams in implementing scalable, secure, and mission-aligned SSO, MFA, API integration, and application onboarding solutions.
• Develop service design procedures and technical recommendations for application integration, claims release, federation protocols, MFA, API security, deployment automation, and operational handoff.
• Ensure engineering teams deliver effective SSO, federation, MFA, API integration, and onboarding capabilities supporting enterprise mission objectives.
• Support integration of enterprise identity providers and access management services across cloud, mission, and hybrid application environments.
• Provide technical status updates and implementation risk assessments to internal and external stakeholders.
• Serve as a technical lead for federation, identity provider, and application onboarding activities while mentoring junior engineers.
• Prepare and present architecture diagrams, implementation plans, technical demonstrations, and integration briefings.
• Recognized as a trusted technical leader for ICAM federation, single sign-on, multifactor authentication, and enterprise application integration.

• Active DoD Secret Clearance or higher.
• Typically requires BS degree and 12+ years relevant experience. Additional experience may be considered in lieu of degree.
• Experience with IdAM / ICAM delivery systems, enterprise identity providers, SSO, authentication and authorization services, federated identity management, claims engineering, access management APIs, entitlement management, and digital policy management.
• Experience with security accreditation processes and identity-related security control implementation.
• Experience supporting cloud-hosted identity services, enterprise application integration, and AWS or comparable cloud environments.
• Experience with SAML 2.0, OIDC, OAuth 2.0, FIDO2/WebAuthn, CAC/PIV, PKI, MFA, step-up authentication, and token-based access control concepts.
• Understanding of context-aware access, RBAC, ABAC, device posture, network context, and risk-based authentication principles.
• Experience integrating enterprise applications using federation protocols, APIs, claims transformation, and identity provider technologies.
• Excellent oral and written communication skills., * One or more DoD 8140.01 Level III Certifications
• Active Computing Environmental certification (CE) in job-related duties such as Okta, Ping Identity, Microsoft Entra ID, F5, Keycloak, or related ICAM platform certification, * Minimum of one identity provider, federation, cloud, or security certification such as Okta, Ping Identity, Microsoft Entra ID, AWS Associate, CISSP, or equivalent
• 5+ years of Commercial Cloud Services (C2S), DoD cloud, or classified mission environment experience
• Experience integrating legacy, COTS, SaaS, cloud-native, financial management, and custom applications with enterprise ICAM services
• Experience designing and implementing configurable MFA, step-up authentication, non-CAC authentication, self-service, and mission partner access patterns
• Experience with API security, policy enforcement points, claims transformation, token exchange, secrets management, and certificate lifecycle considerations
• Managing complex Sponsor relationships and requirements gathering across enterprise, component, application owner, and operations communities
• Experience migrating applications from local authentication or legacy SSO to enterprise identity provider and federation services
• Injecting detailed technical direction into teams for adoption of federation, application onboarding, CI/CD, and operational integration practices
• TS/SCI eligible

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits .

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com .