Information Technology Expert (Identity and Access Management Expert), Grade N32
Role details
Job location
Tech stack
Job description
This role will drive enterprise authentication modernization initiatives, including SSO integrations, identity governance, lifecycle automation, MFA, access certifications, and zero-trust security architecture. Duties include:
- Design and implement the enterprise Identity and Access Management (IAM) architecture, standards, and strategic roadmap, including modernization of legacy authentication platforms to cloud-native identity solutions
- Develop scalable identity strategies for both internal and external identity use cases, covering authentication, authorization, federation, and identity lifecycle management
- Provide ongoing operational support, maintenance, incident resolution, and lifecycle management for enterprise applications integrated with the IAM ecosystem across production and non-production environments
- Troubleshoot and resolve authentication, authorization, provisioning, federation, token, session, and access-related issues, including root-cause analysis, upgrades, certificate renewals, and platform migrations
- Implement, administer, and support enterprise IAM platforms, including Microsoft Entra ID, Azure AD B2C, Oracle Cloud Infrastructure Identity and Access Management, SailPoint, IdentityNow, Active Directory, ApereoCAS, and OpenDJ
- Configure and manage authentication policies, Conditional Access, MFA, passwordless authentication, RBAC, and hybrid identity integrations across on-premises and cloud platforms using tools such as Apache Airflow, Azure Functions, and Logic Apps
- Design, implement, and support enterprise Single Sign-On (SSO) and federation solutions using SAML 2.0, OAuth 2.0, OpenID Connect, WS-Federation, and LDAP / LDAPS
- Integrate and support enterprise applications, including SaaS platforms, Oracle applications, and custom-developed applications, while resolving federation, claims mapping, redirect, and end-user session issues
- Implement and manage Identity Governance and Administration (IGA) workflows using SailPoint, IdentityNow, including joiner/mover/leaver processes, access approvals, role models, certification campaigns, remediation workflows, and Segregation of Duties (SoD) controls
- Support Zero Trust identity initiatives, regulatory compliance, audit controls, access reviews, privileged access management, audit logging, and least-privilege security models
Telework: This position may be eligible for limited hybrid telework, up to two days per week, after the initial training period.
A criminal background (and credit history) check will be conducted on the selected candidate prior to appointment and will be a significant factor in the hiring decision., Montgomery County Government(MCG) is an equal opportunity employer, committed to workforce diversity. Accordingly, as it relates to employment opportunities, the County will provide reasonable accommodations to applicants with disabilities, in accordance with the law. Applicants requiring reasonable accommodation for any part of the application and hiring process should email OHR at Hiring@montgomerycountymd.gov. Individual determinations on requests for reasonable accommodation will be made in accordance with all applicable laws.
MCG also provides hiring preference to certain categories of veterans and veterans/persons with a disability. For more information and to claim employment preference, refer to the Careers webpage on Hiring Preference.
All applicants will respond to a series of questions related to their education, relevant experience, knowledge, skills, and abilities required to minimally perform the job. The applicant's responses in conjunction with their resume and all other information provided in the employment application process will be evaluated to determine the minimum qualifications and preferred criteria or interview preference status. Based on the results, the highest qualified applicants will be placed on an Eligible List and may be considered for an interview. Employees meeting minimum qualifications who are the same grade will be placed on the Eligible List as a "Lateral Transfer" candidate and may be considered for an interview.
Requirements
Do you have experience in Systems integration?, Do you have a Master's degree?, Education:Master's degree in computer science, Information Systems, Cybersecurity, Information Technology, or a related field from accredited college or university., Identity and Access Management Experience
- Six (6) years of experience in Identity and Access Management (IAM), cybersecurity, identity engineering, and application integration
- Proven success integrating SaaS, Oracle, custom-developed, and legacy applications with enterprise IAM platforms
- Hands-on support of production IAM-integrated enterprise applications
- Experience working across cloud, hybrid, and on-premises identity environments
IAM and Technical Expertise
- Extensive experience designing, implementing, integrating, and supporting enterprise IAM solutions. Strong technical proficiency with:
- Microsoft Entra ID
- Azure AD B2C
- Oracle Cloud IAM
- SailPoint IdentityNow
- Active Directory
- Familiarity with open-source identity tools, including Apereo CAS and OpenDJ
Integration and Security
- Strong background integrating enterprise applications using SSO, federation, and identity governance frameworks
- Working knowledge of key authentication and federation protocols:
- SAML 2.0
- OAuth 2.0
- OpenID Connect (OIDC)
- LDAP / LDAPS
Communication: Strong written and verbal communication skills Equivalency: An equivalent combination of education and experience may be substituted. PROBATIONARY PERIOD: Individuals appointed to a position in this class will be required to serve a probationary period of twelve (12) months and, if promoted to a position in this class, will be required to serve a probationary period of six (6) months. Performance will be carefully evaluated during the probationary period. Continuation in this class will be contingent upon successful completion of the probationary period.
Medical Protocol: This position requires successful completion of a pre-employment medical evaluation, which includes a physical examination and drug screening., * Experience in designing and implementing enterprise IAM architecture, standards, and strategic roadmaps.
- Experience in modernizing legacy authentication platforms into cloud-native identity solutions.
- Strong working knowledge of Microsoft Entra ID, Azure AD B2C, Oracle Cloud Infrastructure Identity and Access Management, SailPointIdentityNow, Active Directory,ApereoCAS, andOpenDJ.
- Strong knowledge of SAML 2.0, OAuth 2.0, OpenID Connect, WS-Federation, LDAP / LDAPS, including troubleshooting token and claims issues.
- Experience implementing joiner, mover, leaver workflows, access approvals, certification campaigns, role-based access models, andSoDcontrols.
- Strong understanding of Zero Trust, least-privilege access, privileged access controls, audit logging, and regulatory compliance requirements.
- Experience providing production support, incident resolution, root-cause analysis, upgrades, certificate renewals, and platform migrations.
- Experience integrating on-premises and cloud identity systems, including directory synchronization and hybrid access models.
- Strong ability to diagnose and resolve complex authentication, federation, provisioning, and access-related issues.
- Ability to work effectively with business teams, application owners, infrastructure teams, vendors, and leadership
Benefits & conditions
Pulled from the full job description
- Loan repayment program
- Loan forgiveness
- Tuition reimbursement
- Paid parental leave
- Parental leave
- Paid time off
- Flexible spending account, Please note: The salary range above represents this position's earning potential. The anticipated hiring range for this position will be $111948.00 to $178,116.00, based on the candidate's qualifications and experience.