Identity & Access Management Engineer (TS/SCI)

The Judge Group

Feb 21
Top Secret/SCI
Unspecified
Polygraph
IT - Security
Somerset, MD (On-Site/Office)
The Judge Group is currently seeking a Identity & Access Management Engineer with an active TS/SCI clearance to support an IC customer in Bethesda, MD. For immediate consideration email your resume to rkissinger@judge.com.
- Robbie Kissinger

Location: Bethesda, MD

Security Clearance: TS/SCI

About the Role: As an IAM Engineer, you will validate the health, status, operations, and maintenance of identity management systems, including Keycloak and OpenID Connect (OIDC) technologies. You will work in a collaborative team environment supporting a large enterprise across multiple enclaves and sites.

Responsibilities:

  • Design and implement IAM solutions using Keycloak for secure authentication and authorization based on OIDC, OAuth2, and SAML protocols.
  • Integrate Keycloak with internal and external applications, APIs, and third-party services to enable secure access and identity federation.
  • Manage and maintain the Keycloak infrastructure, including clustering, performance tuning, and monitoring.
  • Implement custom authentication flows, policies, and user federation strategies using Keycloak.
  • Collaborate with DevOps and infrastructure teams to ensure the scalability, security, and high availability of Keycloak deployments.
  • Automate identity and access workflows, including user provisioning, de-provisioning, and role-based access control (RBAC).
  • Provide technical expertise for OIDC/OAuth2 standards, keeping up with industry trends and ensuring compliance with evolving security requirements.
  • Troubleshoot issues related to authentication, authorization, and access control, ensuring a seamless user experience.
  • Document system configurations, processes, and troubleshooting procedures for internal teams and stakeholders.
  • Conduct regular security audits and recommend improvements for IAM practices and systems.
  • Participate in and contribute to cross-functional teams working on broader IAM, DevSecOps, and security initiatives.
  • Provide support for implementing, troubleshooting, and maintaining identity management systems.
  • Rapidly distinguish isolated user problems from enterprise-wide application/system problems and provide recommended solutions.
  • Provide follow-up reports for root cause analysis, engineering technical assessment, and process improvement initiatives.
  • Update operations and maintenance documentation for 24/7/365 enterprise watch personnel.
  • Work with Operations, Engineering, and vendor support to develop solutions to complex technical issues.
  • Work independently as part of a virtual team.
  • Provide mentorship and training for junior team members.


Basic Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
  • 3-5 years of experience in Identity and Access Management (IAM) with a focus on Keycloak and OIDC/OAuth2 technologies.
  • Strong hands-on experience with configuring, deploying, and managing Keycloak in a production environment.
  • Deep understanding of authentication and authorization protocols including OIDC, OAuth2, SAML, and LDAP.
  • Proficiency in Java, Python, or other scripting languages used for extending and automating Keycloak.
  • Experience with user federation (LDAP, Active Directory, etc.) and social identity providers (Google, Facebook, etc.) using Keycloak.
  • Familiarity with DevOps practices, including CI/CD pipelines, and experience with Docker, Kubernetes, and infrastructure-as-code (IaC) tools such as Terraform.
  • Strong problem-solving and debugging skills, particularly in complex, distributed environments.
  • Ability to work in an Agile/Scrum environment, collaborating with cross-functional teams.
  • Strong communication skills, with the ability to articulate technical solutions to both technical and non-technical stakeholders.
  • Must meet DoD 8570.11- IAT Level II certification requirements (currently Security+ CE, CCNA-Security, GSEC, or SSCP along with an appropriate computing environment (CE) certification).
  • Must have a Bachelor's degree with at least 12 years of relevant experience. Additional years of experience may be considered in lieu of a degree.
  • Due to the nature of the government contracts we support, US Citizenship is required.
  • TS/SCI clearance with Polygraph required or a TS/SCI and willingness to obtain a Poly.
group id: cxjudgpa
R
Recruiter
Find The Judge Group on Social Media
FacebookFacebookInstagramInstagramXXOther
Network Employers (14)
J
Technical and Engineering Recruiter
N
Senior Technical Recruiter
R
Recruiting Manager
M
Recruiter
B
Sr. Technical Recruiter
About Us
The Judge Group is an international leader in talent solutions that specializes in bridging technology talent gaps. Judge Technical Services, a Judge company, participates in the National Industrial Security Program and can obtain, maintain and service clearances up to and including Top Secret. For decades, Judge has worked with clients across all aspects of the government, aerospace and defense, and commercial sectors. Our greatest asset is the talent we work with.
See The Judge Group profile

The Judge Group Jobs

Job Category
IT - Security
Clearance Level
Top Secret/SCI