Kentro
IGA Engineer (SailPoint), Zero Trust Program (USSOCOM TS/SCI)
Kentro, Tampa, Florida, US, 33646
Join Kentro as a highly skilled Identity Governance and Administration (IGA) Engineer on the Zero‑Trust execution team at U.S. Special Operations Command (USSOCOM). In this role you will build and maintain the “source of truth” that governs access to the Command’s most critical data.
Location:
Onsite in Tampa, FL
Responsibilities
Lead the design, deployment, and ongoing management of SailPoint IdentityNow (or IIQ) to automate the full identity lifecycle (Joiner, Mover, Leaver) across hybrid and on‑premises environments.
Define and manage the schema for “Trust Attributes” (e.g., Clearance, COI, Project Codes) within SailPoint, ensuring alignment with the NIST 8112 metadata standard for consumption by policy decision points.
Manage the offline instance of SailPoint on the Top‑Secret network, developing workflows to import “Attribute Manifests” and synchronise identity data with the low‑side source of truth.
Configure and execute automated access certification campaigns for critical data repositories and privileged roles, ensuring compliance with DoD audit requirements.
Work with mission owners to define Technical Roles and Business Roles within SailPoint, replacing broad, static Active Directory groups with granular, policy‑driven access roles.
Requirements
Master’s degree (MA/MS) in Computer Science, Information Security / Cybersecurity, Information Systems, Data Science, or a closely related technical field.
10+ years of relevant experience.
Extensive (5+ years) hands‑on experience designing, implementing, and administering SailPoint (IdentityNow or IdentityIQ) in a large enterprise environment.
Deep understanding of the Joiner‑Mover‑Leaver (JML) process and experience automating provisioning/deprovisioning workflows connected to HR systems and Active Directory.
Strong knowledge of Active Directory, LDAP, and Azure Active Directory (Entra ID) structures and management.
Proven experience with Role‑Based Access Control (RBAC) modelling, Separation of Duties (SoD) policy creation, and access certification campaigns.
Preferred Experience & Skills (Nice‑to‑Haves)
Experience implementing Attribute‑Based Access Control (ABAC) strategies.
Familiarity with DoD Identity, Credential, and Access Management (ICAM) reference designs.
Knowledge of integration protocols such as REST, SCIM, and SOAP.
Experience supporting USSOCOM or other DoD agencies.
Certifications
Required:
CompTIA Security+ CE (or higher) to meet DoD 8570 IAT Level II requirements.
Preferred:
SailPoint Certified IdentityNow Engineer or SailPoint Certified IdentityIQ Engineer.
Preferred:
Certified Identity and Access Manager (CIAM) or CISA.
Clearance
Active Top‑Secret clearance with SCI eligibility.
The Company
We believe in generating success collaboratively, enabling long‑term mission success, and building trust for the next challenge. As a valued member of our team, you have the unique opportunity to work in a diverse range of technology and business career paths, all while supporting our nation and delivering innovative technology solutions.
Benefits
Competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401(k) with employer match.
Education reimbursement for certifications, degrees, or professional development.
Discount perks, rewards, and more.
Events and activities, including happy hours, holiday events, fitness & wellness events, and annual celebrations.
Charity galas/events to support community involvement.
Equal Opportunity Employment & VEVRAA
Kentro is an equal‑opportunity employer. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local law.
How To Apply
To apply, click the “Apply for this Job” button at the bottom of this description or the button at the top titled “Application.” Upload your resume and complete all application steps. If you need alternative application methods, email careers@kentro.us.
Accommodations
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential functions. If you need to discuss reasonable accommodations, please email careers@kentro.us.