Bethesda, MD, 20814, USA
15 days ago
Identity & Access Management (IAM) Engineer Keycloak/OIDC Specialist - TS/SCI
Identity & Access Management (IAM) Engineer – Keycloak / OIDC Xcelerate Solutions is seeking an Identity and Access Management (IdAM) Engineer to support the National Media Exploitation Center (NMEC). The System Administrator will be responsible for maintaining existing enterprise identity management solutions, troubleshoot incidents, and assist with transitioning new capabilities to production. Duties will include validating the health and status, operations, and maintenance of identity management systems such as Keycloak and OpenID Connect (OIDC) technologies. This individual will work in a team environment supporting a large enterprise spanning multiple enclaves and sites. Location: Bethesda, MD Security Clearance: TS/SCI Responsibilities: + Design and implement IAM solutions using Keycloak for secure authentication and authorization based on OIDC, OAuth2, and SAML protocols. + Integrate Keycloak with internal and external applications, APIs, and third-party services to enable secure access and identity federation. + Manage and maintain the Keycloak infrastructure, including clustering, performance tuning, and monitoring. + Implement custom authentication flows, policies, and user federation strategies using Keycloak. + Collaborate with DevOps and infrastructure teams to ensure the scalability, security, and high availability of Keycloak deployments. + Automate the management of identity and access workflows, including user provisioning, de-provisioning, and role-based access control (RBAC). + Provide technical expertise for OIDC/OAuth2 standards, keeping up with industry trends and ensuring compliance with evolving security requirements. + Troubleshoot issues related to authentication, authorization, and access control, ensuring a seamless user experience. + Document system configurations, processes, and troubleshooting procedures for internal teams and stakeholders. + Conduct regular security audits and recommend improvements for IAM practices and systems. + Participate in and contribute to cross-functional teams working on broader IAM, DevSecOps, and security initiatives. + Provide support for implementing, troubleshooting and maintaining of identity management systems. + Rapidly distinguish isolated user problems from enterprise-wide application/system problems and provide recommended solutions. + Provide follow-up reports (technical findings, feedback, resolution steps taken) for root cause analysis, engineering technical assessment and process improvement initiatives. + Update operations and maintenance documentation for 24/7/365 enterprise watch personnel. + Work with Operations, Engineering, and vendor support to develop solutions to complex technical issues. + Work independently as part of a virtual team + Provide mentorship and training for junior team members. Basic Qualifications: + Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent work experience. + 3-5 years of experience working in Identity and Access Management (IAM) with a focus on Keycloak and OIDC/OAuth2 technologies. + Strong hands-on experience with configuring, deploying, and managing Keycloak in a production environment. + Deep understanding of authentication and authorization protocols including OIDC, OAuth2, SAML, and LDAP. + Proficiency in Java, Python, or other scripting languages used for extending and automating Keycloak. + Experience with user federation (LDAP, Active Directory, etc.) and social identity providers (Google, Facebook, etc.) using Keycloak. + Familiarity with DevOps practices, including CI/CD pipelines, and experience with Docker, Kubernetes, and infrastructure-as-code (IaC) tools such as Terraform. + Strong problem-solving and debugging skills, particularly in complex, distributed environments. + Ability to work in an Agile/Scrum environment, collaborating with cross-functional teams. + Strong communication skills, with the ability to articulate technical solutions to both technical and non-technical stakeholders. + Candidate must, at a minimum, meet DoD 8570.11- IAT Level II certification requirements (currently Security+ CE, CCNA-Security, GSEC, or SSCP along with an appropriate computing environment (CE) certification) + Candidate must have a Bachelor's, with at least 12 years of relevant experience. Additional years of experience may be considered in lieu of degree. + Due to the nature of the government contracts we support, US Citizenship is required. + TS/SCI clearance with Polygraph required or a TS/SCI and willingness to get a Poly. Preferred Qualifications: + 5+ years of experience in IAM or related security engineering roles. + Experience with cloud platforms (AWS, Azure, GCP) and securing cloud-native applications. + Experience with identity governance tools (e.g., SailPoint, Okta). + Familiarity with API security (e.g., JWT, mTLS) and best practices for securing microservices architectures. + Experience implementing MFA, SSO, and zero-trust architectures. About Xcelerate Solutions: Founded in 2009 and headquartered in McLean, VA, Xcelerate Solutions (www.xceleratesolutions.com) is one of America's fastest-growing companies. Xcelerate’s culture is defined by our diversified workforce of dynamic and versatile professionals, supported with growth and development opportunities that contribute to individual and company growth. This strong commitment to our employees has been recognized by our inclusion on the Washington Business Journal’s “50 Best Places to Work” list as well as being a “Great Place to Work” certified company with a 4.6 star, and a 99% CEO approval Glassdoor rating. Come find out why Xcelerate Solutions is one of the DC Metro top employers! Xcelerate Solutions is an Equal Employment Opportunity/Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, age, equal pay, disability, veteran status, sex, sexual orientation, gender identity, genetic information, or expression of another protected characteristic. As part of this commitment to the full inclusion of all qualified individuals, Xcelerate provides reasonable accommodations if needed because of an applicant's or an employee's disability. Pay Transparency Notice: Xcelerate Solutions will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.
Confirm your E-mail: Send Email