Athenix Solutions Group
Overview
Athenix Special Missions is seeking an ICAM Identity Engineer in MacDill Air Force Base (Tampa), Florida.
ASM Quality Policy:
To meet or exceed our customers’ expectations for quality, delivery, and service through continual improvement, striving to meet our objectives, and committing to meeting all legal and statutory requirements.
Primary Location:
MacDill Air Force Base, Florida
Must be a U.S. citizen
Security Clearance:
TS/SCI
Position Summary
The Identity (Cyber) Engineer is a hands-on technical specialist responsible for the implementation, configuration, and management of the core platforms that secure user and system identities across the enterprise. This role focuses on the "hands-on-keyboard" execution of deploying and maintaining the security policies and controls within the organization's Identity Providers (IdP), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) solutions. The ideal candidate will have deep technical expertise in one or more of these domains and a strong commitment to implementing least-privilege access in a complex hybrid environment.
Duties & Responsibilities (Hands-on Implementation)
Identity Provider and Authentication Management:
Microsoft:
Design, build, test, and deploy Microsoft Entra ID Conditional Access policies to enforce Zero Trust principles for access to cloud resources in Azure and AWS. Configure and maintain Certificate-Based Authentication (CBA) for CAC/PKI. Manage and troubleshoot the on-premises ADFS environment for legacy application support.
Ping Federate:
Configure and manage the Ping Federate platform as an enterprise federation gateway. Onboard new applications for Single Sign-On (SSO) using SAML and OIDC. Build and maintain authentication policies to enforce strong, phishing-resistant MFA.
Privileged Access Management (PAM):
Delinea:
Perform the hands-on onboarding of all privileged user, service, and application accounts into the Delinea vault.
Configure and enforce Delinea policies for credential rotation, session recording, and monitoring.
Build and implement Just-in-Time (JIT) and Just-Enough-Administration (JEA) access request and approval workflows to eliminate standing privileges.
Identity Governance and Administration (IGA):
SailPoint:
Implement and configure the automation of the Joiner-Mover-Leaver (JML) identity lifecycle process, replacing manual, ticket-based systems.
Build and maintain the enterprise access catalog in SailPoint to replace the manual IMT48 form with an automated, workflow-driven request and approval system.
Configure and execute periodic access certification campaigns for critical applications and privileged roles.
AD and Linux Identity Management:
One Identity ARS:
Use the Active Roles console to implement secure, delegated administration for Active Directory, creating policies to automate user/group lifecycle tasks.
Red Hat IdM:
Centrally manage authorization policies for the Linux estate, defining Host-Based Access Control (HBAC) rules and sudo policies to control access to RHEL servers.
Qualifications and Technical Skills
Required:
Deep, hands-on experience with at least one of the following core platforms: Microsoft Entra ID, an enterprise PAM solution (e.g., Delinea), or an enterprise IGA solution (e.g., SailPoint).
Strong understanding of core identity security principles, including least privilege, MFA, JIT/JEA, and RBAC/ABAC.
Experience with Active Directory administration and group policy management.
Ability to implement and troubleshoot complex security policies within enterprise tools.
DoD 8140 Compliance (IAT Level II)
Preferred:
Microsoft Certified: Identity and Access Administrator (SC-300).
Delinea Certified Administrator.
SailPoint Certified IdentityNow Engineer.
Ping Certified Professional.
Experience with Red Hat IdM policy management.
Equal Opportunity Employer, including disability and protected veteran status