ICAM Federation and App Integration Engineer

CareerCircle
Arlington, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 237K

Job location

Arlington, United States of America

Tech stack

API
Agile Methodologies
Amazon Web Services (AWS)
Application Integration Architecture
Application Packaging
User Authentication
Ubuntu (Operating System)
Software as a Service
Cloud Computing
Cloud Engineering
CompTIA Security+
Information Systems
Computer Networks
System Configuration
Continuous Integration
Custom Software
Data Centers
DevOps
Multi-Factor Authentication
Federated Identity Management
Identity and Access Management
IT Management
Information Systems Security Architecture Professional
Python
Key Management
Linux Commands
OAuth
OpenID
OpenShift
Platform as a Service (PAAS)
Ping (Networking Utility)
Public Key Infrastructure
PowerShell
Role-Based Access Control
Azure
Cloud Services
Ansible
Zero Trust Network Access
Runbook
Security Assertion Markup Language (SAML)
Service Design
Shell Script
Single Sign-On
Systems Integration
Enterprise Application Integration
Enterprise Software Applications
Cloud Platform System
Okta
Flexera
Software Security
Virtual Environment
Microsoft InTune
Information Technology
Deployment Automation
HashiCorp
Bitbucket
API Design
SailPoint
DevSecOps
Jenkins
Artifactory

Job description

Serves as a senior technical engineer for ICAM federation, application onboarding, authentication, authorization, and integration services; designing, configuring, integrating, testing, and sustaining enterprise identity provider, single sign-on, multifactor authentication, claims, token, and API-based access management capabilities across DoD enterprise, cloud, mission, and legacy applications; supporting Zero Trust and FICAM-aligned ICAM services; and ensuring compliance with DoD, NIST, and Intelligence Community standards and frameworks.

  • Work with senior leadership, customers, application owners, security teams, mission partners, and operations teams to plan and execute ICAM federation and application onboarding activities using Agile methodologies.
  • Integrate Okta, Ping Federate, Radiant Logic, Microsoft Entra ID, Keycloak, ForgeRock, SailPoint, Delinea, HashiCorp, and related ICAM platforms with enterprise and mission applications.
  • Assess current application authentication and access management architectures; analyze alternatives and implement federation and onboarding solutions that accelerate integration with enterprise ICAM services.
  • Develop and present federation designs, claims mappings, integration artifacts, test plans, technical briefings, and application onboarding demonstrations.
  • Evaluate emerging federation and authentication technologies and guide engineering teams in implementing scalable, secure, and mission-aligned SSO, MFA, API integration, and application onboarding solutions.
  • Develop service design procedures and technical recommendations for application integration, claims release, federation protocols, MFA, API security, deployment automation, and operational handoff.
  • Ensure engineering teams deliver effective SSO, federation, MFA, API integration, and onboarding capabilities supporting enterprise mission objectives.
  • Support integration of enterprise identity providers and access management services across cloud, mission, and hybrid application environments.
  • Provide technical status updates and implementation risk assessments to internal and external stakeholders.
  • Serve as a technical lead for federation, identity provider, and application onboarding activities while mentoring junior engineers.
  • Prepare and present architecture diagrams, implementation plans, technical demonstrations, and integration briefings.
  • Recognized as a trusted technical leader for ICAM federation, single sign-on, multifactor authentication, and enterprise application integration.

Requirements

  • Active DoD Secret Clearance or higher.
  • Typically requires BS degree and 12+ years relevant experience. Additional experience may be considered in lieu of degree.
  • Experience with IdAM / ICAM delivery systems, enterprise identity providers, SSO, authentication and authorization services, federated identity management, claims engineering, access management APIs, entitlement management, and digital policy management.
  • Experience with security accreditation processes and identity-related security control implementation.
  • Experience supporting cloud-hosted identity services, enterprise application integration, and AWS or comparable cloud environments.
  • Experience with SAML 2.0, OIDC, OAuth 2.0, FIDO2/WebAuthn, CAC/PIV, PKI, MFA, step-up authentication, and token-based access control concepts.
  • Understanding of context-aware access, RBAC, ABAC, device posture, network context, and risk-based authentication principles.
  • Experience integrating enterprise applications using federation protocols, APIs, claims transformation, and identity provider technologies.
  • Excellent oral and written communication skills.

Required Certification(s):

  • One or more DoD 8140.01 Level III Certifications
  • Active Computing Environmental certification (CE) in job-related duties such as Okta, Ping Identity, Microsoft Entra ID, F5, Keycloak, or related ICAM platform certification
  • Minimum of one identity provider, federation, cloud, or security certification such as Okta, Ping Identity, Microsoft Entra ID, AWS Associate, CISSP, or equivalent
  • 5+ years of Commercial Cloud Services (C2S), DoD cloud, or classified mission environment experience
  • Experience integrating legacy, COTS, SaaS, cloud-native, financial management, and custom applications with enterprise ICAM services
  • Experience designing and implementing configurable MFA, step-up authentication, non-CAC authentication, self-service, and mission partner access patterns
  • Experience with API security, policy enforcement points, claims transformation, token exchange, secrets management, and certificate lifecycle considerations
  • Managing complex Sponsor relationships and requirements gathering across enterprise, component, application owner, and operations communities
  • Experience migrating applications from local authentication or legacy SSO to enterprise identity provider and federation services
  • Injecting detailed technical direction into teams for adoption of federation, application onboarding, CI/CD, and operational integration practices
  • TS/SCI eligible

Benefits & conditions

Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available at www.leidos.com/careers/pay-benefits.

About the company

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo - because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 - and moving faster than anyone else dares.

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. Headquartered in Reston, Virginia, with 47,000 global employees, Leidos reported annual revenues of approximately $16.7 billion for the fiscal year ended January 3, 2025. For more information, visit www.Leidos.com.
