Identity Access Management Engineering Analyst -- TS SCI Required
GDIT seeks a TS/SCI Cleared qualified IdAM Analyst to provide engineering support for DIA’s Identity Access Management (IdAM) Public Key Infrastructure. IdAM discipline areas consist of digital identities, Access Control, and Authorization such as Active Directory/Virtual Directory Services, PKI and supporting technologies, Attribute Based Access Control (ABAC) / Policy Based Access Control (PBAC) and Role Based Access Control (RBAC). Primary duties consist of integrating IdAM solution designs that include the development of high availability / disaster recovery solutions assuring basic integrity and confidentiality of critical privacy data hosted on DIA supported networks/systems, integrating defense in depth design\security controls based on NIST 800.82 publication, ensuring high availability and data integrity through the enforcement and enhancement of group policy objects (GPOs), integration with standard and future encryption devices and object level encryption, and incorporation of Data Rights Management (DRM), providing security analysis and recommendations on all IDAM capabilities such as authentication, authorization and user management activities, engineering analysis on integration between ArcSight ESM and IdAM Attribute Based Access Control (ABAC), assisting in ensuring all requirements of ICD 503 have been met to facilitate the accreditation of the final solution, as well as develop security test plans and supporting documentation to ensure that developed systems are in compliance with security directives such as ICD 503 and local security policies.The qualified candidate will have knowledge of concepts such as; defense in-depth, vulnerability, assessment, cyber attacking, remote analysis, cross security domain, group policy object (GPO), organizational units (OUs) modeling, encryption, high availability and data integrity, as well as experience with the integration of prevailing commercial identity management software packages for Infrastructure (PKI) interfaces, Two-Factor-Authentication technologies, Robust Certificate Verification System (RCVS), Online Certificate Status Protocol (OCSP) and all interacting interfaces, WEB Services and associated WSDLs, Microsoft Active Directory Lightweight directory service (MS AD-LDS), Microsoft Forefront Identity Manager (FIM), Virtual Directory systems such as Radiant Logic, Optimal and LDAP based infrastructure, Claims-based identity security service and interfacing with web portals, SharePoint and generic web-based applications, as well as knowledge of federated identity standards such as SOAP, REST and the OASIS SAML 2.0 X.509 Attribute Sharing Profile Other functional duties consist of:
- Analyzes user needs to determine functional requirements for a wide variety of projects.
- Performs technical assessments aimed at improving client systems.
- Performs functional allocations to identify tasks and their inter-relationships.
- Researches, identifies, and recommends resources required for task execution and completion.
- Performs functional modeling based on requirements analysis.
- Develops new systems or updates existing systems to meet client needs.
- Serves as technical advisor to clients in assigned subject areas, recommends functional changes, and identifies areas for further investigation.
- Generates recommendations in the form of technical briefings, reports, and other major documents provided to senior level client personnel.
- Consults with clients to determine optimum design for assigned projects.
- Identifies emerging relevant technologies that may result in improvements to current processes and systems.
- Writes and updates project documentation including system procedures, presentations, and training materials.
- Conducts functional testing of various systems.
- Provides guidance and work leadership to less-experienced analysts, and may have supervisory responsibilities.
- May serve as technical team or task lead.
- Maintains current knowledge of relevant technologies and subject areas.
- Participates in special projects as required.