Serves as the hands-on technical lead for ICAM engineering, integration, onboarding, and operational delivery across enterprise, cloud, coalition, and mission environments. This role leads the implementation, configuration, troubleshooting, sustainment, and modernization of Zero Trust identity and access management services including authentication, authorization, federation, identity governance, privileged access management, and enterprise application integration capabilities aligned to DoD, FICAM, NIST, and Intelligence Community standards and frameworks.
The Lead ICAM Engineer is responsible for driving technical execution across the full ICAM lifecycle, including platform integration, application onboarding, federation engineering, claims transformation, provisioning automation, deployment automation, operational transition, and production sustainment. The role requires hands-on engineering leadership supporting enterprise ICAM modernization efforts across cloud-hosted, hybrid, multi-domain, and mission partner environments.
Primary Responsibilities
Work with senior leadership, customers, application owners, security teams, mission partners, and operations personnel to plan and execute ICAM engineering and integration activities using Agile methodologies.
Lead hands-on configuration, integration, troubleshooting, and sustainment of ICAM platforms including Okta, PingFederate, SailPoint, Delinea, Radiant Logic, HashiCorp, Corsha, Keycloak, Microsoft Entra ID, and related identity and access management technologies.
Implement and maintain authentication, authorization, federation, identity governance, privileged access management, and application onboarding capabilities supporting Zero Trust and FICAM-aligned enterprise architectures.
Lead integration and onboarding of legacy, cloud-native, SaaS, mission, and coalition applications into enterprise ICAM services.
Troubleshoot federation, authentication, claims mapping, token transformation, provisioning, entitlement, and access control issues across enterprise and mission environments.
Develop and maintain implementation procedures, onboarding standards, deployment documentation, operational engineering practices, and sustainment processes supporting ICAM delivery.
Configure and integrate SAML 2.0, OIDC, OAuth 2.0, SCIM, REST APIs, PKI, CAC/PIV, MFA, and passwordless authentication technologies.
Support implementation of RBAC, ABAC, context-aware access control, device posture validation, and risk-based authentication capabilities.
Implement and maintain DevSecOps pipelines, infrastructure-as-code, deployment automation, and configuration management processes supporting ICAM services.
Support integration of ICAM services across cloud, enterprise, hybrid, and multi-domain mission environments including AWS, GovCloud, IL5/IL6, and classified systems where applicable.
Provide hands-on engineering support during testing, deployment, operational transition, incident response, troubleshooting, and production sustainment activities.
Develop and present integration artifacts, implementation plans, deployment procedures, technical briefings, and operational status updates to internal and external stakeholders.
Guide engineering teams in implementing scalable, secure, and operationally sustainable ICAM capabilities aligned to mission objectives.
Serve as the technical lead for ICAM engineering, federation integration, application onboarding, and operational delivery activities while mentoring junior engineers.
Recognized as a trusted technical leader for enterprise ICAM modernization, Zero Trust implementation, and mission integration.
Required Qualifications
Active DoD Secret Clearance or higher.
Typically requires BS degree and 12+ years relevant experience. Additional experience may be considered in lieu of degree.
Experience with IdAM / ICAM delivery systems, authentication, authorization, federated identity management, identity governance, entitlement management, privileged access management, attributes, and digital policy management.
Hands-on experience integrating and troubleshooting enterprise identity providers, federation services, MFA platforms, provisioning systems, and application onboarding solutions.
Experience configuring and supporting SAML 2.0, OIDC, OAuth 2.0, SCIM, REST APIs, CAC/PIV, PKI, MFA, token-based authentication, and claims transformation technologies.
Experience with security accreditation processes and implementation of identity-related security controls supporting DoD environments.
Experience architecting, implementing, and sustaining enterprise cloud-hosted ICAM services within AWS or comparable cloud environments using infrastructure-as-code and automation concepts.
Understanding of Zero Trust architecture, federation, RBAC, ABAC, risk-based authentication, context-aware access, and cloud-native security principles.
Experience supporting application onboarding and federation integration across enterprise, cloud, mission, and coalition environments.
Experience interacting with cross-functional teams including Software Development, Systems Engineering, Security, Operations, Compliance, Verification and Validation, and Quality Assurance.
Experience working in Agile, SAFe, or Scrum environments using DevSecOps and CI/CD technologies such as Git, Jenkins, Docker, Azure DevOps, Puppet, Terraform, and Confluence.
Knowledge of software configuration management lifecycle deliverables, operational sustainment processes, and deployment management practices.
Excellent oral and written communication skills.
Required Certification(s):
One or more DoD 8140.01 Level III Certifications
Active Computing Environment certification relevant to job duties such as AWS Cloud, Microsoft Cloud, Okta, Ping Identity, SailPoint, Microsoft Entra ID, or related ICAM platform certifications.
Desired Qualifications:
Minimum of one AWS Associate-level certification such as AWS Certified Solutions Architect Associate, AWS Certified Developer Associate, or AWS Certified SysOps Administrator Associate.
Experience supporting C2S, DoD cloud, GovCloud, IL5/IL6, or classified mission environments.
Experience implementing CloudFormation, Terraform, serverless architectures, and cloud-native deployment patterns.
Experience integrating legacy, COTS, SaaS, cloud-native, financial management, and mission applications into enterprise ICAM services.
Experience supporting large-scale ICAM modernization, application migration, and federation onboarding initiatives.
Experience with API security, secrets management, certificate lifecycle management, claims transformation, and token exchange capabilities.
Familiarity with NIST 800-53, NIST 800-63, DoD Zero Trust guidance, and FICAM architectures.
TS/SCI eligible.
If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.
May 22, 2026
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range $131,300.00 - $237,350.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Leidos is a Fortune 500® innovation company rapidly addressing the world’s most vexing challenges in national security and health. The company's global workforce of 48,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023.
Leidos was cited for the meaningful work employees perform that is challenging, impactful, and aligned with our customers’ missions as reasons professionals want to work and stay at our company. Leidos has also been named to lists including Forbes’ Best Employers for Diversity, Forbes’ America’s Best Employers for Women, Military Times Best for Vets Employers, and Ethisphere Institute’s World's Most Ethical Companies®.
Employees enjoy career enrichment opportunities available through mobility and development and experience rewarding relationships with supportive supervisors and talented colleagues and customers. Employees appreciate our flexible work environment, allowing for and encouraging a true work-life balance. Our professionals are also excited about our Employee Resource Groups, like the Collaborative Outreach with Remote and Embedded Employees (CORE), which strives to create an environment where every employee, regardless of location, feels fully engaged as a valued employee of Leidos.
Your most important work is ahead. Visit careers.leidos.com for our latest opportunities.