Leidos Holding
Identity & Access Management (IAM) Engineer - Keycloak/OIDC Specialist
Leidos Holding, Bethesda, MD
Description
At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers' success. We empower our teams, contribute to our communities, and operate sustainable practices. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business. Employees enjoy career enrichment opportunities available through mobility and development and experience rewarding relationships with supportive supervisors and talented colleagues and customers. Your most important work is ahead.
If this sounds like the kind of environment where you can thrive, keep reading!
Leidos is seeking an Identity and Access Management (IdAM) Engineer to support the National Media Exploitation Center (NMEC). The System Administrator will be responsible for maintaining existing enterprise identity management solutions, troubleshoot incidents, and assist with transitioning new capabilities to production. Duties will include validating the health and status, operations, and maintenance of identity management systems such as Keycloak and OpenID Connect (OIDC) technologies. This individual will work in a team environment supporting a large enterprise spanning multiple enclaves and sites.
This is a 100% on-site position. All work must be performed at the customer site in Bethesda at the Intelligence Community Campus.
Primary Responsibilities
Basic Qualifications
Education/Experience Requirements
Clearance
Preferred Qualifications
• 5+ years of experience in IAM or related security engineering roles.
• Experience with cloud platforms (AWS, Azure, GCP) and securing cloud-native applications.
• Experience with identity governance tools (e.g., SailPoint, Okta).
• Familiarity with API security (e.g., JWT, mTLS) and best practices for securing microservices architectures.
• Experience implementing MFA, SSO, and zero-trust architectures.
Original Posting Date: 2024-09-25While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range: Pay Range $122,200.00 - $220,900.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
About Leidos Leidos is a Fortune 500® innovation company rapidly addressing the world's most vexing challenges in national security and health. The company's global workforce of 47,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023. For more information, visit www.Leidos.com .
Pay and Benefits Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here .
Securing Your Data Beware of fake employment opportunities using Leidos' name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system - never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other person a l information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected] .
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission .
Commitment to Diversity All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.
At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers' success. We empower our teams, contribute to our communities, and operate sustainable practices. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business. Employees enjoy career enrichment opportunities available through mobility and development and experience rewarding relationships with supportive supervisors and talented colleagues and customers. Your most important work is ahead.
If this sounds like the kind of environment where you can thrive, keep reading!
Leidos is seeking an Identity and Access Management (IdAM) Engineer to support the National Media Exploitation Center (NMEC). The System Administrator will be responsible for maintaining existing enterprise identity management solutions, troubleshoot incidents, and assist with transitioning new capabilities to production. Duties will include validating the health and status, operations, and maintenance of identity management systems such as Keycloak and OpenID Connect (OIDC) technologies. This individual will work in a team environment supporting a large enterprise spanning multiple enclaves and sites.
This is a 100% on-site position. All work must be performed at the customer site in Bethesda at the Intelligence Community Campus.
Primary Responsibilities
- Design and implement IAM solutions using Keycloak for secure authentication and authorization based on OIDC, OAuth2, and SAML protocols.
- Integrate Keycloak with internal and external applications, APIs, and third-party services to enable secure access and identity federation.
- Manage and maintain the Keycloak infrastructure, including clustering, performance tuning, and monitoring.
- Implement custom authentication flows, policies, and user federation strategies using Keycloak.
- Collaborate with DevOps and infrastructure teams to ensure the scalability, security, and high availability of Keycloak deployments.
- Automate the management of identity and access workflows, including user provisioning, de-provisioning, and role-based access control (RBAC).
- Provide technical expertise for OIDC/OAuth2 standards, keeping up with industry trends and ensuring compliance with evolving security requirements.
- Troubleshoot issues related to authentication, authorization, and access control, ensuring a seamless user experience.
- Document system configurations, processes, and troubleshooting procedures for internal teams and stakeholders.
- Conduct regular security audits and recommend improvements for IAM practices and systems.
- Participate in and contribute to cross-functional teams working on broader IAM, DevSecOps, and security initiatives.
- Provide support for implementing, troubleshooting and maintaining of identity management systems.
- Rapidly distinguish isolated user problems from enterprise-wide application/system problems and provide recommended solutions.
- Provide follow-up reports (technical findings, feedback, resolution steps taken) for root cause analysis, engineering technical assessment and process improvement initiatives.
- Update operations and maintenance documentation for 24/7/365 enterprise watch personnel.
- Work with Operations, Engineering, and vendor support to develop solutions to complex technical issues.
- Work independently as part of a virtual team
- Provide mentorship and training for junior team members.
Basic Qualifications
- Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
- 3-5 years of experience working in Identity and Access Management (IAM) with a focus on Keycloak and OIDC/OAuth2 technologies.
- Strong hands-on experience with configuring, deploying, and managing Keycloak in a production environment.
- Deep understanding of authentication and authorization protocols including OIDC, OAuth2, SAML, and LDAP.
- Proficiency in Java, Python, or other scripting languages used for extending and automating Keycloak.
- Experience with user federation (LDAP, Active Directory, etc.) and social identity providers (Google, Facebook, etc.) using Keycloak.
- Familiarity with DevOps practices, including CI/CD pipelines, and experience with Docker, Kubernetes, and infrastructure-as-code (IaC) tools such as Terraform.
- Strong problem-solving and debugging skills, particularly in complex, distributed environments.
- Ability to work in an Agile/Scrum environment, collaborating with cross-functional teams.
- Strong communication skills, with the ability to articulate technical solutions to both technical and non-technical stakeholders.
- Candidate must, at a minimum, meet DoD 8570.11- IAT Level II certification requirements (currently Security+ CE, CCNA-Security, GSEC, or SSCP along with an appropriate computing environment (CE) certification)
Education/Experience Requirements
- Candidate must have a Bachelor's, with at least 12 years of relevant experience. Additional years of experience may be considered in lieu of degree.
- Generally has 4+ years of experience supervising or leading teams or projects.
Clearance
- Active TS/SCI clearance with Polygraph required OR active TS/SCI and willingness to get a Poly.
- US Citizenship is required due to the nature of the government contracts we support.
Preferred Qualifications
• 5+ years of experience in IAM or related security engineering roles.
• Experience with cloud platforms (AWS, Azure, GCP) and securing cloud-native applications.
• Experience with identity governance tools (e.g., SailPoint, Okta).
• Familiarity with API security (e.g., JWT, mTLS) and best practices for securing microservices architectures.
• Experience implementing MFA, SSO, and zero-trust architectures.
Original Posting Date: 2024-09-25While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range: Pay Range $122,200.00 - $220,900.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
About Leidos Leidos is a Fortune 500® innovation company rapidly addressing the world's most vexing challenges in national security and health. The company's global workforce of 47,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023. For more information, visit www.Leidos.com .
Pay and Benefits Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here .
Securing Your Data Beware of fake employment opportunities using Leidos' name. Leidos will never ask you to provide payment-related information during any part of the employment application process (i.e., ask you for money), nor will Leidos ever advance money as part of the hiring process (i.e., send you a check or money order before doing any work). Further, Leidos will only communicate with you through emails that are generated by the Leidos.com automated system - never from free commercial services (e.g., Gmail, Yahoo, Hotmail) or via WhatsApp, Telegram, etc. If you received an email purporting to be from Leidos that asks for payment-related information or any other person a l information (e.g., about you or your previous employer), and you are concerned about its legitimacy, please make us aware immediately by emailing us at [email protected] .
If you believe you are the victim of a scam, contact your local law enforcement and report the incident to the U.S. Federal Trade Commission .
Commitment to Diversity All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.