Tampa, FL, USA
83 days ago
ICAM Identity Engineer


We are seeking an ICAM Identity Engineer to provide hands-on technical expertise implementing, configuring, and maintaining enterprise Identity, Credential, and Access Management (ICAM) solutions. The ideal candidate will bring deep technical knowledge of identity security platforms and a commitment to enforcing least-privilege access within complex hybrid environments.

Responsibilities

The ICAM Identity Engineer will be directly responsible for the deployment, configuration, and sustainment of enterprise identity platforms and controls, including:

Identity Provider & Authentication Management

Design and implement Microsoft Entra ID Conditional Access policies aligned with Zero Trust principles for Azure and AWS. Configure and maintain CAC/PKI-based Certificate Authentication and legacy ADFS environments. Manage PingFederate as an enterprise federation gateway; onboard applications for SSO using SAML and OIDC; enforce phishing-resistant MFA.

Privileged Access Management (PAM)

Onboard privileged user, service, and application accounts into Delinea. Implement policies for credential rotation, session recording, and privileged session monitoring. Develop and maintain Just-in-Time (JIT) and Just-Enough-Administration (JEA) workflows to reduce standing privileges.

Identity Governance & Administration (IGA)

Configure SailPoint to automate Joiner-Mover-Leaver processes. Build and maintain enterprise access catalogs and automated approval workflows. Execute periodic access certification campaigns for critical roles and applications.

Enterprise Directory & Linux Identity Management

Use One Identity Active Roles to implement delegated administration and automate AD lifecycle tasks. Configure Red Hat IdM policies for host-based access control and sudo privileges across Linux servers.

Required Qualifications:

Demonstrated, hands-on expertise with at least one core ICAM platform (Microsoft Entra ID, enterprise PAM such as Delinea, or enterprise IGA such as SailPoint). Strong understanding of identity security principles: least privilege, MFA, JIT/JEA, RBAC/ABAC. Experience with Active Directory administration and Group Policy management. Ability to design, implement, and troubleshoot complex enterprise security policies. DoD 8140 compliance at IAT Level II.

Preferred:

Microsoft Certified: Identity and Access Administrator (SC-300). Delinea Certified Administrator. SailPoint Certified IdentityNow Engineer. Ping Certified Professional. Experience with Red Hat IdM policy management.