Cloud-Based IAM Modernization Consultant -Rockville MD

Cloud-Based IAM Modernization and Oracle Integration Consultant – Hybrid Rockville MD  

About us 

Creative Information Technology Inc (CITI) is an esteemed IT enterprise renowned for its exceptional customer service and innovation. We serve both government and commercial sectors, offering a range of solutions such as Healthcare IT, Human Services, Identity Credentialing, Cloud Computing, and Big Data Analytics. With clients in the US and abroad, we hold key contract vehicles including GSA IT Schedule 70, NIH CIO-SP3, GSA Alliant, and DHS-Eagle II.

Join us in driving growth and seizing new business opportunities.

Role and Responsibilities 

The Office of Strategic Partnership (OSP) is responsible for modernizing its Identity and Access Management (IAM) system by migrating to a cloud-based platform. This includes integrating the legacy Oracle Echo system with Microsoft Azure Entra ID and Azure B2C. We are seeking consultant with a proven track record in enterprise IAM implementations and secure cloud integrations.

Objectives:

• Design and implement OCI IAM, Microsoft Entra, and Azure B2C–based SSO for Oracle EBS, OAS, PeopleSoft, Oracle Learning Management (OLM), and other Oracle workloads.
• Enable seamless authentication for internal users (employees), external users, and contractors.
• Architect and document a secure DMZ access pattern to protect on-premises resources while allowing selective inbound connections.
• Ensure end-to-end security, high availability, and compliance with industry best practices.

Minimum Qualification

• Define logical SSO flow between internal users, Entra ID, OCI IAM, and Oracle apps for internal users
• Define logical SSO flow between external users, Azure B2C, OCI IAM, and Oracle apps for external users
• Configure Microsoft Entra as an SAML/OIDC identity provider for Oracle applications
• Configure OCI IAM identity providers and federation with Entra ID
• Configure Azure B2C as an SAML/OIDC identity provider for Oracle applications
• Design DMZ zoning: reverse proxy, firewalls, and application gateways
• Deploy and configure DMZ components
• Define access policies, attribute mappings, and claim rules
• Perform functional, security (penetration/vulnerability), and performance testing
• Conduct user acceptance testing with internal and external stakeholder groups
• Produce end-to-end security architecture diagrams and DMZ access patterns
• Document configuration steps, policy definitions, and operational runbooks
• Deliver a knowledge-transfer workshop and train-the-trainer sessions
• Work with the Operations team for production migration

Deliverables:

• Solution Design Package: Includes high-level architecture diagrams, detailed SSO and federation flowcharts, DMZ zone definitions, firewall rule sets, and a working prototype.
• Implementation Artifacts: Covers configurations for Entra ID, Azure B2C, and OCI IAM.
• Test Reports: Includes functional and integration test cases with results, as well as security scan reports.
• Operational Documentation: Comprises system configuration guides, access management runbooks, and troubleshooting guides.
• Knowledge Transfer: Provides training to the operational team, including Q&A sessions and a support plan.

Teams Expertise Requirement:

• Extensive experience with OCI IAM, Microsoft Entra ID, Azure B2C, and SAML/OIDC protocols.
• Strong expertise in DMZ design, firewall configurations, and application gateway setup.
• Proficient in conducting penetration testing and vulnerability assessments.
• Skilled in technical writing and training, with the ability to document and transfer knowledge effectively.

Acceptance Criteria:

• Successful SSO login for all defined user personas without manual intervention.
• DMZ enforces least-privilege access, passing only necessary traffic.
• All test cases pass with documented outcomes.
• Documentation reviewed and approved by the client security team.
• Knowledge transfer session delivered, and the client can independently manage the solution.