Identity & Directory Management Services Senior Engineer- PKI

Position Description: DIGIT is seeking an Identity and Directory Management Services (IDMS) Engineer to support the design, administration, management, execution & maintenance of GSA’s Identity & Directory Management Services (IDMS) and Identity, Credential, and Access Management (ICAM) solutions to meet the needs of the enterprise users & the enterprise architecture. These services, systems, and capabilities include, but not limited to, directory services management, ICAM, privileged account management, Single Sign-On (SSO), Active Directory (AD) Domain Name System (DNS) services, Public Key

Infrastructure (PKI), Multi-Factor Authentication (MFA), auditing and log management, Continuous Diagnostics and

Mitigation/Dynamic and Evolving Federal Enterprise Network Defense (CDM/DEFEND), and the management of

appliances. GSA IT currently leverages Microsoft (MS) AD as the authoritative account management system.

Responsibilities:

The Identity and Directory Management Services Engineer shall perform the following (to include but not limited

to) activities:

● Manage the enterprise Key Management, Certificate Management, and PKI systems.

● Manage and maintain the GSA PKI environment, to include Microsoft Certificate Authorities and

Certificate Revocation CRL/ OCSP services.

● Extensive experience with Okta includes installation, configuration and migrations.

● Token management by using the HID Credential Management Services

● Knowledge of Hardware Security Module (HSM’s)

● Manage, administer, and support the GSA IT MFA environment with Secureauth, OKTA or similar platform

● Manage, administer, and support ICAM systems and related support activities.

● Utilize automation and role-based management to ensure availability of access and continuity of services.

● Ensure requirements are gathered, processes defined, and use cases documented.

● Test and certify new product versions, bug fix and provide detailed reports.

● Providing on-call rotation support on a routine basis.

● Identifying process improvement opportunities for review and subsequent implementation.

● Providing positive customer service interactions for all levels of the organization up to and include senior

executive staff.

● Performing root cause analysis, risk identification, and risk mitigation.

● Provide support and administration of the GSA IT AD environment, systems, and associated data.

● Continuously review and assess the GSA IT ICAM environment and provide recommendations for how to

manage and administer the environment more efficiently.

● Ensure that all Group Policy Management (GPM) changes are controlled and documented.

● Other operational support duties as assigned.

● Developing new technologies to support existing applications or creating new applications using new

technologies

● Participating in meetings with executives to discuss technical issues and propose solutions

● Collaborating with other members of the engineering team to design new features or improve existing

ones

● Escalate issues to vendor and third-party entities, as necessary and directed by the Government

Requirements

Required Skills:

● Public Trust Clearance or ability to obtain.

● ITILv4 Foundation Training and ITILv4 Foundation Certification, may be obtained within 120 days after

hire.

● Possesses and applies a comprehensive knowledge across key tasks and high impact assignments.

● Plans and leads major technology assignments.

● Functions as a technical expert across multiple project assignments.

● Design and develop solutions to complex applications problems, system administration issues, or network

concerns.

● Perform systems management and integration functions

● Proven ability to work independently in a full and/or partial remote environment with limited supervision

and may supervise/lead others.

● Possess the ability to communicate in both oral and written forms, demonstrating an ability to

communicate effectively with all levels of staff as well as clients.

● Maintain standard working hours per the DIGIT contract and to be available for meetings, and other

collaborative efforts during working hours.

● Demonstrated ability to apply comprehensive knowledge across key tasks and high impact assignments

with the ability to use practical experience and training to determine how to accomplish tasks.

Preferred Skills:

● Strong knowledge of the different identity and access management (IAM) concepts, technologies and

authentication protocols.

● Public Key Infrastructure (PKI):

o Active Directory Certificate Services (AD CS).

o HID Credential Management System (CMS).

o HID ActivClient.

o Federal PIV/CAC.

o Safenet Hardware Security Module (HSM’s).

● Identity Management services operations including but not limited to:

o SailPoint IdentityIQ

o SecureAuth

o SAML 2.0

o Forefront Identity Manager/Microsoft Identity Manager

o Active Directory Federation Services

● Active Directory including but not limited to:

o Microsoft Active Directory

o Azure Active Directory

o NetIQ DRA

o NetIQ Group Policy Administrator (GPA)

o Active Directory Lightweight Directory Services

o Vulnerability Mitigation

● Experience with Splunk engineering and administration.

DIGIT

2 August 2023 DIGIT - GSA 4 | P a g e

● Privileged access management (PAM) systems such as CyberArk.

● Hands-on experience with cloud computing services (O365/Microsoft Azure/AWS).

● Experience with SailPoint IdentityIQ integration and operations.

● Okta certified

● Powershell, java and .NET scripting.

● An understanding of Zero Trust concepts.

● Proficiency in the Google Suite (Gmail, Calendar, Chat, Meet, Docs, Slides, Sheets), Microsoft Office

(Word, Excel, PowerPoint, Outlook), Slack, and ServiceNow.

● Must be willing to work a variety of shifts, including holidays as scheduled.

Education and Experience:

● Bachelor of Science Degree (or equivalent) and 7-12 years of experience.

● 4+ year experience working with IDMS systems.

● Experience as a remote worker demonstrating time management and self discipline with cultural change

management and Agile mindset.

Benefits

SES provides a competitive salary and the following benefits:

• Medical
• Dental
• Vision
• AD&D
• STD
• LTD
• Company paid Life Insurance
• 401k with employer contribution
• Paid Time Off
• Pet Insurance