TS/SCI Identity Provider Engineer

An employer in the Reston, Virginia area is seeking a TS/SCI Identity Provider Engineer for a direct hire opportunity. In this role, the selected candidate will support large scale Identity and Access Management (IAM) initiatives, helping clients securely manage user access and protect mission critical systems. The engineer will work closely with stakeholders and engineering teams to understand user roles, access requirements, and identity lifecycle needs, and will design, deploy, and support IAM solutions that manage authentication, authorization, and credentials, including single sign on and privileged access. This position will also contribute to the implementation of zero trust and identity based security solutions to prevent unauthorized access and safeguard sensitive data. An active Top Secret clearance with SCI eligibility is required, along with a willingness to complete a CI polygraph. This role requires on site presence five days per week. Can sit in Reston, VA (preferred), Charlottesville, VA, Mclean, VA or Colorado Springs, CO.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Active TS/SCI clearance (must be willing to take a polygraph)
5+ years of experience with Ping Federate, Okta, Entra ID, or ADFS
Experience with SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC)
Experience with Identity federation and Single Sign-On (SSO)
Experience with access control models such as RBAC and ABAC
Experience integrating IdPs with directory services such as Active Directory (AD) and LDAP, including synchronization and authentication workflows
Knowledge of Zero Trust architectures and implementation of password-less authentication or multifactor authentication (MFA) within the IdP environment
Ability to resolve complex identity and federation issues, including token validation errors, assertion mismatches, and connectivity problems
Ability to design and operate IdP solutions across on-premises, hybrid, and cloud infrastructures, including AWS, Azure, or Google Cloud

Experience implementing System for Cross-domain Identity Management (SCIM) protocols for automated user provisioning and lifecycle management between identity providers and applications
Experience with advanced platform features such as Okta Workflows, Ping Identity Suite advanced policy scripting, adaptive authentication, and the development of custom login pages
Experience with scripting languages such as Python, PowerShell, or Bash to automate IdP configuration, monitoring, and remediation tasks
Knowledge of cloud-native IAM services, including Azure Active Directory, AWS IAM, or Google Cloud Identity
TS/SCI clearance with a polygraph

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.