Job Description
Koniag IT Systems, LLC, a Koniag Government Services company, is seeking an ICAM Cloud DevOps Engineer with a Secret Security clearance to support KITS and our government customer. The position is remote.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag IT Systems, LLC a Koniag Government Services company, is seeking an experienced ICAM Cloud DevOps Engineer to join a team supporting Identity, Credential, and Access Management (ICAM) solutions for our government customers. The ideal candidate is a technically skilled and innovative professional with deep expertise in cloud infrastructure, DevOps practices, and the deployment and operation of enterprise ICAM platforms within a federal government environment. This individual will play a critical role in designing, building, and maintaining the cloud infrastructure, automation pipelines, and operational tooling that underpin ICAM services, ensuring that identity and access management solutions are deployed securely, reliably, and efficiently at enterprise scale.
The ICAM Cloud DevOps Engineer will be responsible for designing, implementing, and maintaining the cloud infrastructure, CI/CD pipelines, automation frameworks, and operational tooling that support the deployment and operation of ICAM platforms and services in a federal government cloud environment. This individual will work closely with ICAM architects, platform engineers, security teams, ISSMs, and government stakeholders to ensure that ICAM cloud infrastructure is secure, scalable, highly available, and compliant with federal requirements and DevSecOps best practices.
Principal responsibilities will include but are not limited to:
• Design, implement, and maintain cloud infrastructure supporting ICAM platforms and services, including computer, networking, storage, and security components, leveraging infrastructure-as-code (IaC) principles and tools.
• Build, maintain, and optimize CI/CD pipelines for the automated deployment, testing, and release of ICAM platform configurations, integrations, and application code across development, test, staging, and production environments.
• Implement and manage infrastructure-as-code (IaC) solutions using tools such as Terraform, AWS CloudFormation, or Ansible to provision and manage cloud resources supporting ICAM platforms in a consistent, repeatable, and auditable manner.
• Support the deployment, configuration, and operational management of ICAM platform components in cloud environments, including Okta tenant configurations, SailPoint cloud deployments, and related identity infrastructure.
• Collaborate with ICAM architects and platform engineers to design cloud architectures that meet federal security requirements, Zero Trust principles, and ICAM platform-specific technical requirements.
• Implement and maintain DevSecOps practices across the ICAM platform delivery lifecycle, integrating security scanning, vulnerability assessment, compliance checks, and policy enforcement into CI/CD pipelines.
• Develop and maintain automated testing frameworks for ICAM platform deployments, including unit tests, integration tests, and smoke tests to validate the correctness and security of deployed configurations.
• Design and implement cloud monitoring, logging, and alerting solutions for ICAM platform infrastructure, leveraging tools such as AWS CloudWatch, Azure Monitor, Splunk, or equivalent platforms to ensure proactive visibility into system health and security events.
• Manage and maintain cloud-based secrets management, certificate management, and key management solutions supporting ICAM platform operations, ensuring secure handling of sensitive credentials and cryptographic material.
• Support the configuration and management of cloud networking components relevant to ICAM platform operations, including VPCs, subnets, security groups, load balancers, DNS, and API gateways.
• Collaborate with security teams and ISSMs to ensure cloud infrastructure and DevOps pipelines comply with federal security standards, including NIST SP 800-53 controls, FedRAMP requirements, and DoD cloud security policies.
• Contribute to ATO documentation and continuous monitoring activities by providing cloud infrastructure configuration details, security assessment evidence, and remediation support for identified findings.
• Implement and maintain disaster recovery (DR) and business continuity capabilities for ICAM cloud infrastructure, including backup and restore procedures, failover configurations, and recovery time objective (RTO) and recovery point objective (RPO) validation.
• Participate in changing management processes, assessing the infrastructure and operational impact of proposed changes to ICAM cloud environments and supporting their review, approval, and implementation.
• Develop and maintain comprehensive technical documentation for ICAM cloud infrastructure, including architecture diagrams, runbooks, deployment guides, and operational procedures.
• Provide Tier 3 infrastructure support for ICAM platform incidents, troubleshooting complex cloud infrastructure and pipeline issues in coordination with platform engineers and service desk teams.
• Evaluate and recommend emerging cloud technologies, DevOps tools, and automation frameworks relevant to ICAM platform operations, providing informed assessments of their suitability for adoption within the federal ICAM cloud environment.
• Support the continuous improvement of ICAM cloud operations through automation, tooling enhancements, and process optimization initiatives.
Education and Experience:
Required:
• Bachelor's degree in Computer Science, Information Technology, Cloud Computing, Cybersecurity, or a related field from an accredited college or university; equivalent work experience may be considered in lieu of a degree.
• 4+ years of hands-on experience in cloud engineering, DevOps, or infrastructure automation roles within an enterprise IT environment.
• 2+ years of experience supporting the deployment and operation of enterprise identity and access management platforms or security-focused cloud workloads in a federal government or DoD environment.
• Demonstrated hands-on experience with at least one major cloud platform (AWS, Azure, or Google Cloud), including experience with cloud services relevant to ICAM platform operations.
• Active Secret Clearance required.
Required Skills and Competencies:
• Exceptional communication skills in English – both written and oral – with the ability to communicate complex cloud infrastructure and DevOps concepts clearly to both technical teams and non-technical program managers and government stakeholders.
• Hands-on experience designing, implementing, and managing cloud infrastructure on AWS, Azure, or Google Cloud, including compute, networking, storage, security, and identity services relevant to ICAM platform operations.
• Demonstrated proficiency with infrastructure-as-code (IaC) tools, including Terraform, AWS CloudFormation, Azure Resource Manager (ARM) templates, or equivalent, for the automated provisioning and management of cloud resources.
• Strong experience building and maintaining CI/CD pipelines using tools such as Jenkins, GitLab CI, GitHub Actions, Azure DevOps, or equivalent platforms, including the integration of security and compliance checks into pipeline workflows.
• Experience implementing DevSecOps practices, including the integration of static code analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and compliance-as-code tools into CI/CD pipelines.
• Proficiency with containerization and container orchestration technologies, including Docker and Kubernetes, and their application to ICAM platform component deployment and management.
• Experience with configuration management tools such as Ansible, Chef, Puppet, or Salt for automated configuration and compliance enforcement of cloud infrastructure.
• Strong knowledge of cloud networking concepts, including VPCs, subnets, security groups, network access control lists (NACLs), load balancers, DNS, and API gateways, and their application to secure ICAM platform architectures.
• Experience implementing and managing cloud monitoring, logging, and alerting solutions, including centralized log aggregation, security event monitoring, and infrastructure health dashboards.
• Knowledge of secrets management, certificate management, and key management best practices in cloud environments, including experience with tools such as AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, or equivalent solutions.
• Familiarity with Okta and SailPoint platform deployment and configuration management, including the use of APIs, CLI tools, and automation frameworks to manage platform configurations programmatically.
• Understanding federal cloud security requirements, including FedRAMP authorization processes, NIST SP 800-53 controls, and DoD cloud security policies relevant to ICAM platform operations.
• Experience contributing to ATO processes and continuous monitoring programs, including providing infrastructure configuration evidence and supporting security control assessments.
• Proficiency with scripting languages such as Python, PowerShell, Bash, or JavaScript for automation of cloud infrastructure management, deployment tasks, and operational workflows.
• Demonstrated ability to develop and maintain comprehensive technical documentation, including architecture diagrams, runbooks, deployment guides, and operational procedures.
Clearance Requirement:
• Active Secret Clearance.
Desired Skills and Competencies:
• Experience supporting cloud DevOps operations for ICAM platforms in a Department of the Air Force (DAF), Department of Defense (DoD), or other federal agency environment.
• Experience with SailPoint and Okta.
• AWS Certified DevOps Engineer, AWS Certified Solutions Architect, Microsoft Certified: Azure DevOps Engineer Expert, or equivalent cloud platform certification.
• AWS GovCloud or Azure Government experience, including familiarity with the unique security and compliance requirements of government cloud environments.
• Experience with FedRAMP-authorized cloud environments and the operational requirements associated with maintaining FedRAMP authorization boundaries.
• Certified Kubernetes Administrator (CKA) or Certified Kubernetes Application Developer (CKAD) certification.
• HashiCorp Certified: Terraform Associate or equivalent IaC certification.
• Experience with GitOps methodologies and tools such as ArgoCD or Flux for declarative, version-controlled management of ICAM platform configurations.
• Familiarity with service mesh technologies such as Istio or Linkerd and their application to secure microservices-based ICAM platform architectures.
• Experience with cloud-native security tools and services, including AWS Security Hub, Azure Defender, or Google Security Command Center, and their integration with ICAM platform security monitoring.
• Knowledge of Zero Trust Architecture principles and their practical application to cloud infrastructure design and DevSecOps pipeline security for ICAM platforms.
• Experience with chaos engineering and resilience testing methodologies and their application to ICAM platform availability and disaster recovery validation.
• Familiarity with AI and machine learning operations (MLOps) concepts and their potential application to intelligent automation of ICAM cloud operations and anomaly detection.
• Understanding of PIV/CAC authentication and its integration within federal cloud environments and ICAM platform architectures.
• Experience with NIPRNet cloud operations and familiarity with DoD network security requirements and constraints relevant to cloud-hosted ICAM services.
• CompTIA Security+, CISSP, Certified Cloud Security Professional (CCSP), or equivalent cybersecurity certification.
• Experience with platform engineering practices and the development of internal developer platforms (IDPs) to streamline ICAM platform deployment and operations.
• Familiarity with emerging cloud-native identity standards and technologies, including Workload Identity Federation, SPIFFE/SPIRE, and their application to secure cloud infrastructure authentication within ICAM ecosystems.
Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352