IAM Systems Engineer

Platinum Technologies is a Northern Virginia based integrated solutions firm that specializes in Cybersecurity, Cloud and Digital Services to the Public Sector. Our team solves hard problems and helps our Mission Partners achieve their goals. If you are self-motivated, possess demonstrated learning agility, and are passionate about delivering high-quality work products – we want to hear from you.

We lead with technical expertise, but that is just the tip of the iceberg – the ‘Why’ matters. At Platinum, we don’t hire people to do a job. We provide professional and leadership development to complement our self-motivated domain experts. Our teammates are dot-connecting leaders that operate in a mutually accountable environment to deliver thought leadership, expert technical analysis, and quality execution for our clients

Platinum Technologies currently has an opportunity for an experienced IAM Systems Engineer to help advance the security posture and lead the organization’s Identity, Credential and Access Management (ICAM) environment into compliance with Zero Trust operational and compliance requirements.

The IAM Systems Engineer is a hands-on technical specialist responsible for the implementation, configuration, and management of the core platforms that secure user and system identities across the enterprise. This role focuses on the "hands-on-keyboard" execution of deploying and maintaining the security policies and controls within the organization's Identity Providers (IdP), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) solutions. The ideal candidate will have deep technical expertise in one or more of these domains and a strong commitment to implementing least-privilege access in a complex hybrid environment.

We are offering a competitive sign-on bonus and relocation assistance for qualified candidates.

Located at MacDill AFB, Tampa, Florida. Candidate must hold an active TS/SCI clearance.

 

•Design, build, test, and deploy Microsoft Entra ID Conditional Access policies to enforce Zero Trust principles for access to cloud resources in Azure and AWS. Configure and maintain Certificate-Based Authentication (CBA) for CAC/PKI. Manage and troubleshoot the on-premises ADFS environment for legacy application support.

•Configure and manage the Ping Federate platform as an enterprise federation gateway. Onboard new applications for Single Sign-On (SSO) using SAML and OIDC. Build and maintain authentication policies to enforce strong, phishing- 

•Perform the hands-on onboarding of all privileged user, service, and application accounts into the Delinea vault.

•Configure and enforce Delinea policies for credential rotation, session recording, and monitoring.

•Build and implement Just-in-Time (JIT) and Just-Enough-Administration (JEA) access request and approval workflows to eliminate standing privileges.

•Implement and configure the automation of the Joiner-Mover-Leaver (JML) identity lifecycle process, replacing manual, ticket-based systems.

•Build and maintain the enterprise access catalog in SailPoint to replace the manual IMT48 form with an automated, workflow-driven request and approval system.

•Configure and execute periodic access certification campaigns for critical applications and privileged roles.

•Use the Active Roles console to implement secure, delegated administration for Active Directory, creating policies to automate user/group lifecycle tasks.

•Centrally manage authorization policies for the Linux estate, defining Host-Based Access Control (HBAC) rules and sudo policies to control access to RHEL servers.

•Deep, hands-on experience with at least one of the following core platforms: Microsoft Entra ID, an enterprise PAM solution (e.g., Delinea), or an enterprise IGA solution (e.g., SailPoint).

•Strong understanding of core identity security principles, including least privilege, MFA, JIT/JEA, and RBAC/ABAC.

•Experience with Active Directory administration and group policy management.

•Ability to implement and troubleshoot complex security policies within enterprise tools.

•Microsoft Certified: Identity and Access Administrator (SC-300).

•Delinea Certified Administrator.

•SailPoint Certified IdentityNow Engineer.

•Ping Certified Professional.

•Experience with Red Hat IdM policy management.

•DoD 8140 Compliance (IAT Level II)

The Company is an Equal Opportunity/Affirmative Action employer. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age, or genetic information.