Athenix Solutions Group

ICAM Identity Engineer

Athenix Solutions Group, Tampa, Florida, US, 33646

Athenix Special Missions is seeking an ICAM Identity Engineer at MacDill Air Force Base (Tampa), Florida.

Position Summary

The Identity (Cyber) Engineer is a hands‑on technical specialist responsible for implementing, configuring, and managing the core platforms that secure user and system identities across the enterprise. The role focuses on deploying and maintaining security policies and controls within Identity Providers (IdP), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) solutions in a complex hybrid environment.

Must be a U.S. citizen. Security Clearance: TS/SCI.

Duties & Responsibilities

Identity Provider and Authentication Management:

Microsoft Entra ID: Design, build, test, and deploy Conditional Access policies to enforce Zero Trust principles for cloud resources in Azure and AWS. Configure and maintain Certificate‑Based Authentication (CBA) for CAC/PKI.

Ping Federate: Configure and manage the federation gateway. Onboard new applications for Single Sign‑On using SAML and OIDC, and build authentication policies to enforce strong, phishing‑resistant MFA.

Privileged Access Management (PAM):

Delinea: Perform hands‑on onboarding of all privileged user, service, and application accounts into the Delinea vault.

Configure and enforce Delinea policies for credential rotation, session recording, and monitoring.

Build and implement Just‑in‑Time (JIT) and Just‑Enough‑Administration (JEA) access request and approval workflows to eliminate standing privileges.

Identity Governance and Administration (IGA):

SailPoint: Implement and configure the automation of the Joiner‑Mover‑Leaver (JML) identity lifecycle process.

Build and maintain the enterprise access catalog in SailPoint to replace the manual IMT48 form with an automated, workflow‑driven request and approval system.

Configure and execute periodic access certification campaigns for critical applications and privileged roles.

Active Directory and Linux Identity Management:

One Identity ARS: Implement secure, delegated administration for Active Directory using the Active Roles console.

Red Hat IdM: Centrally manage authorization policies for the Linux estate, defining Host‑Based Access Control (HBAC) rules and sudo policies to control access to RHEL servers.

Qualifications

Required:

Deep, hands‑on experience with at least one core platform: Microsoft Entra ID, an enterprise PAM solution (e.g., Delinea), or an enterprise IGA solution (e.g., SailPoint).

Strong understanding of core identity security principles, including least privilege, MFA, JIT/JEA, and RBAC/ABAC.

Experience with Active Directory administration and group policy management.

Ability to implement and troubleshoot complex security policies within enterprise tools.

DoD 8140 Compliance (IAT Level II).

Preferred:

Microsoft Certified: Identity and Access Administrator (SC‑300).

Delinea Certified Administrator.

SailPoint Certified IdentityNow Engineer.

Ping Certified Professional.

Experience with Red Hat IdM policy management.

Equal Opportunity Employer, including disability and protected veteran status.