What are the responsibilities and job description for the Identity & Access Management Engineer - Keycloak/OIDC Expert position at Leidos?
Description
Leidos is committed to delivering innovative solutions through a diverse team dedicated to customer success. Join us to empower your career while contributing to our community and sustainable practices. We believe in doing the right thing for our customers, our people, and our community, guided by our Mission, Vision, and Values. Your most important work is ahead.
If you thrive in a dynamic environment, continue reading!
We are looking for an Identity and Access Management (IdAM) Engineer to support the National Media Exploitation Center (NMEC). Your role will involve maintaining existing enterprise identity management solutions, troubleshooting incidents, and facilitating the transition of new capabilities into production. You'll validate the health and status of identity management systems, leveraging technologies such as Keycloak and OpenID Connect (OIDC). This position requires collaboration with a team supporting a large enterprise across multiple enclaves and sites.
This is a 100% on-site position at the Intelligence Community Campus in Bethesda.
Primary Responsibilities
Design and implement IAM solutions using Keycloak for secure authentication and authorization based on OIDC, OAuth2, and SAML protocols.
Integrate Keycloak with internal and external applications, APIs, and third-party services to ensure secure access and identity federation.
Manage and maintain the Keycloak infrastructure, focusing on clustering, performance tuning, and monitoring.
Develop custom authentication flows, policies, and user federation strategies using Keycloak.
Collaborate with DevOps and infrastructure teams for scalable, secure, and highly available Keycloak deployments.
Automate identity and access workflows, including user provisioning, de-provisioning, and role-based access control (RBAC).
Provide technical expertise in OIDC/OAuth2 standards, staying current with industry trends and ensuring compliance with security requirements.
Troubleshoot authentication, authorization, and access control issues, ensuring a smooth user experience.
Document system configurations, processes, and troubleshooting procedures for internal teams and stakeholders.
Conduct regular security audits and recommend improvements for IAM practices and systems.
Participate in cross-functional teams focused on broader IAM, DevSecOps, and security initiatives.
Support the implementation, troubleshooting, and maintenance of identity management systems.
Quickly distinguish isolated user issues from enterprise-wide problems, providing effective solutions.
Prepare follow-up reports detailing technical findings, feedback, and resolution steps for root cause analysis and process improvement efforts.
Update operational documentation for 24/7 enterprise monitoring teams.
Collaborate with Operations, Engineering, and vendor support to devise solutions for complex technical challenges.
Work independently while contributing as part of a virtual team.
Mentor and train junior team members.
Basic Qualifications
Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
3-5 years of experience in Identity and Access Management (IAM), particularly with Keycloak and OIDC/OAuth2 technologies.
Hands-on experience in configuring, deploying, and managing Keycloak in a production environment.
Thorough understanding of authentication and authorization protocols such as OIDC, OAuth2, SAML, and LDAP.
Proficient in Java, Python, or other scripting languages for extending and automating Keycloak functionalities.
Experience with user federation (LDAP, Active Directory, etc.) and social identity providers via Keycloak.
Familiarity with DevOps practices, including CI/CD pipelines, and experience with Docker, Kubernetes, and Infrastructure-as-Code (IaC) tools like Terraform.
Strong problem-solving and debugging skills in complex, distributed environments.
Ability to work in an Agile/Scrum environment, collaborating with cross-functional teams.
Excellent communication skills, capable of articulating technical solutions to diverse stakeholders.
Must meet DoD 8570.11 IAT Level II certification requirements.
Education/Experience Requirements
Bachelor's degree with at least 12 years of relevant experience; additional years of experience may replace the degree requirement.
4 years of experience in a supervisory or leadership capacity.
Clearance
Active TS/SCI clearance with Polygraph required OR an active TS/SCI clearance with willingness to obtain a Poly.
US Citizenship required due to the nature of the government contracts we support.
Preferred Qualifications
5 years of experience in IAM or related security engineering roles.
Experience with cloud platforms (AWS, Azure, GCP) and securing cloud-native applications.
Familiarity with identity governance tools (SailPoint, Okta).
Understanding of API security measures (JWT, mTLS) and practices for securing microservices architectures.
Experience implementing MFA, SSO, and zero-trust architectures.
Original Posting Date: 2025-02-05
This job requisition is expected to remain open for at least 3 days following the original posting date.
Pay Range: $126,100.00 - $227,950.00
The pay range for this position is a general guideline and considers several factors including responsibilities, education, experience, and skills.
Salary: $126,100 - $227,950