Information Technology Expert (Identity and Access Management Expert), Grade N32

Montgomery County
Rockville, United States of America
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 181K

Job location

Remote
Rockville, United States of America

Tech stack

Microsoft Access
Microsoft Active Directory
Airflow
Application Integration Architecture
Software Applications
Audit Trail
Software as a Service
Cloud Engineering
Computer Security
Information Systems
Identity and Access Management
Lightweight Directory Access Protocols (LDAP)
OAuth
Open Source Technology
OpenID
Oracle Applications
Role-Based Access Control
Openid Connect
Azure
Zero Trust Network Access
Security Assertion Markup Language (SAML)
Single Sign-On
Systems Integration
Enterprise Software Applications
Microsoft Power Automate
Ws-federation
Information Technology
SailPoint
Oracle Cloud Infrastructure
Serverless Computing
Legacy Systems

Job description

This role will drive enterprise authentication modernization initiatives, including SSO integrations, identity governance, lifecycle automation, MFA, access certifications, and zero-trust security architecture. Duties include:

  • Design and implement the enterprise Identity and Access Management (IAM) architecture, standards, and strategic roadmap, including modernization of legacy authentication platforms to cloud-native identity solutions
  • Develop scalable identity strategies for both internal and external identity use cases, covering authentication, authorization, federation, and identity lifecycle management
  • Provide ongoing operational support, maintenance, incident resolution, and lifecycle management for enterprise applications integrated with the IAM ecosystem across production and non-production environments
  • Troubleshoot and resolve authentication, authorization, provisioning, federation, token, session, and access-related issues, including root-cause analysis, upgrades, certificate renewals, and platform migrations
  • Implement, administer, and support enterprise IAM platforms, including Microsoft Entra ID, Azure AD B2C, Oracle Cloud Infrastructure Identity and Access Management, SailPoint, IdentityNow, Active Directory, ApereoCAS, and OpenDJ
  • Configure and manage authentication policies, Conditional Access, MFA, passwordless authentication, RBAC, and hybrid identity integrations across on-premises and cloud platforms using tools such as Apache Airflow, Azure Functions, and Logic Apps
  • Design, implement, and support enterprise Single Sign-On (SSO) and federation solutions using SAML 2.0, OAuth 2.0, OpenID Connect, WS-Federation, and LDAP / LDAPS
  • Integrate and support enterprise applications, including SaaS platforms, Oracle applications, and custom-developed applications, while resolving federation, claims mapping, redirect, and end-user session issues
  • Implement and manage Identity Governance and Administration (IGA) workflows using SailPoint, IdentityNow, including joiner/mover/leaver processes, access approvals, role models, certification campaigns, remediation workflows, and Segregation of Duties (SoD) controls
  • Support Zero Trust identity initiatives, regulatory compliance, audit controls, access reviews, privileged access management, audit logging, and least-privilege security models

Telework: This position may be eligible for limited hybrid telework, up to two days per week, after the initial training period.

A criminal background (and credit history) check will be conducted on the selected candidate prior to appointment and will be a significant factor in the hiring decision., Montgomery County Government(MCG) is an equal opportunity employer, committed to workforce diversity. Accordingly, as it relates to employment opportunities, the County will provide reasonable accommodations to applicants with disabilities, in accordance with the law. Applicants requiring reasonable accommodation for any part of the application and hiring process should email OHR at Hiring@montgomerycountymd.gov. Individual determinations on requests for reasonable accommodation will be made in accordance with all applicable laws.

MCG also provides hiring preference to certain categories of veterans and veterans/persons with a disability. For more information and to claim employment preference, refer to the Careers webpage on Hiring Preference.

All applicants will respond to a series of questions related to their education, relevant experience, knowledge, skills, and abilities required to minimally perform the job. The applicant's responses in conjunction with their resume and all other information provided in the employment application process will be evaluated to determine the minimum qualifications and preferred criteria or interview preference status. Based on the results, the highest qualified applicants will be placed on an Eligible List and may be considered for an interview. Employees meeting minimum qualifications who are the same grade will be placed on the Eligible List as a "Lateral Transfer" candidate and may be considered for an interview.

Requirements

Do you have experience in Systems integration?, Do you have a Master's degree?, Education:Master's degree in computer science, Information Systems, Cybersecurity, Information Technology, or a related field from accredited college or university., Identity and Access Management Experience

  • Six (6) years of experience in Identity and Access Management (IAM), cybersecurity, identity engineering, and application integration
  • Proven success integrating SaaS, Oracle, custom-developed, and legacy applications with enterprise IAM platforms
  • Hands-on support of production IAM-integrated enterprise applications
  • Experience working across cloud, hybrid, and on-premises identity environments

IAM and Technical Expertise

  • Extensive experience designing, implementing, integrating, and supporting enterprise IAM solutions. Strong technical proficiency with:
  • Microsoft Entra ID
  • Azure AD B2C
  • Oracle Cloud IAM
  • SailPoint IdentityNow
  • Active Directory
  • Familiarity with open-source identity tools, including Apereo CAS and OpenDJ

Integration and Security

  • Strong background integrating enterprise applications using SSO, federation, and identity governance frameworks
  • Working knowledge of key authentication and federation protocols:
  • SAML 2.0
  • OAuth 2.0
  • OpenID Connect (OIDC)
  • LDAP / LDAPS

Communication: Strong written and verbal communication skills Equivalency: An equivalent combination of education and experience may be substituted. PROBATIONARY PERIOD: Individuals appointed to a position in this class will be required to serve a probationary period of twelve (12) months and, if promoted to a position in this class, will be required to serve a probationary period of six (6) months. Performance will be carefully evaluated during the probationary period. Continuation in this class will be contingent upon successful completion of the probationary period.

Medical Protocol: This position requires successful completion of a pre-employment medical evaluation, which includes a physical examination and drug screening., * Experience in designing and implementing enterprise IAM architecture, standards, and strategic roadmaps.

  • Experience in modernizing legacy authentication platforms into cloud-native identity solutions.
  • Strong working knowledge of Microsoft Entra ID, Azure AD B2C, Oracle Cloud Infrastructure Identity and Access Management, SailPointIdentityNow, Active Directory,ApereoCAS, andOpenDJ.
  • Strong knowledge of SAML 2.0, OAuth 2.0, OpenID Connect, WS-Federation, LDAP / LDAPS, including troubleshooting token and claims issues.
  • Experience implementing joiner, mover, leaver workflows, access approvals, certification campaigns, role-based access models, andSoDcontrols.
  • Strong understanding of Zero Trust, least-privilege access, privileged access controls, audit logging, and regulatory compliance requirements.
  • Experience providing production support, incident resolution, root-cause analysis, upgrades, certificate renewals, and platform migrations.
  • Experience integrating on-premises and cloud identity systems, including directory synchronization and hybrid access models.
  • Strong ability to diagnose and resolve complex authentication, federation, provisioning, and access-related issues.
  • Ability to work effectively with business teams, application owners, infrastructure teams, vendors, and leadership

Benefits & conditions

Pulled from the full job description

  • Loan repayment program
  • Loan forgiveness
  • Tuition reimbursement
  • Paid parental leave
  • Parental leave
  • Paid time off
  • Flexible spending account, Please note: The salary range above represents this position's earning potential. The anticipated hiring range for this position will be $111948.00 to $178,116.00, based on the candidate's qualifications and experience.

About the company

The Department of Technology and Enterprise Business Solutions (TEBS) delivers responsive, collaborative, and innovative technology solutions that enable efficient services across all branches of government. TEBS provides high-quality, cost-effective technology and consulting services that reduce service times, lower costs, enhance information security, and improve the overall quality of County services through automation and process optimization. In addition, TEBS leads business process reengineering efforts to modernize legacy workflows and streamline services for our customers. By leveraging industry-leading platforms and emerging AI-driven tools, TEBS ensures a secure, modern, and collaborative digital environment that supports the County's strategic goals.

Apply for this position