Serves as a senior technical engineer for ICAM federation, application onboarding, authentication, authorization, and integration services; designing, configuring, integrating, testing, and sustaining enterprise identity provider, single sign-on, multifactor authentication, claims, token, and API-based access management capabilities across DoD enterprise, cloud, mission, and legacy applications; supporting Zero Trust and FICAM-aligned ICAM services; and ensuring compliance with DoD, NIST, and Intelligence Community standards and frameworks.
Primary Responsibilities
Work with senior leadership, customers, application owners, security teams, mission partners, and operations teams to plan and execute ICAM federation and application onboarding activities using Agile methodologies.
Integrate Okta, Ping Federate, Radiant Logic, Microsoft Entra ID, Keycloak, ForgeRock, SailPoint, Delinea, HashiCorp, and related ICAM platforms with enterprise and mission applications.
Assess current application authentication and access management architectures; analyze alternatives and implement federation and onboarding solutions that accelerate integration with enterprise ICAM services.
Develop and present federation designs, claims mappings, integration artifacts, test plans, technical briefings, and application onboarding demonstrations.
Evaluate emerging federation and authentication technologies and guide engineering teams in implementing scalable, secure, and mission-aligned SSO, MFA, API integration, and application onboarding solutions.
Develop service design procedures and technical recommendations for application integration, claims release, federation protocols, MFA, API security, deployment automation, and operational handoff.
Ensure engineering teams deliver effective SSO, federation, MFA, API integration, and onboarding capabilities supporting enterprise mission objectives.
Support integration of enterprise identity providers and access management services across cloud, mission, and hybrid application environments.
Provide technical status updates and implementation risk assessments to internal and external stakeholders.
Serve as a technical lead for federation, identity provider, and application onboarding activities while mentoring junior engineers.
Prepare and present architecture diagrams, implementation plans, technical demonstrations, and integration briefings.
Recognized as a trusted technical leader for ICAM federation, single sign-on, multifactor authentication, and enterprise application integration.
Required Qualifications
Active DoD Secret Clearance or higher.
Typically requires BS degree and 12+ years relevant experience. Additional experience may be considered in lieu of degree.
Experience with IdAM / ICAM delivery systems, enterprise identity providers, SSO, authentication and authorization services, federated identity management, claims engineering, access management APIs, entitlement management, and digital policy management.
Experience with security accreditation processes and identity-related security control implementation.
Experience supporting cloud-hosted identity services, enterprise application integration, and AWS or comparable cloud environments.
Experience with SAML 2.0, OIDC, OAuth 2.0, FIDO2/WebAuthn, CAC/PIV, PKI, MFA, step-up authentication, and token-based access control concepts.
Understanding of context-aware access, RBAC, ABAC, device posture, network context, and risk-based authentication principles.
Experience integrating enterprise applications using federation protocols, APIs, claims transformation, and identity provider technologies.
Excellent oral and written communication skills.
Required Certification(s):
One or more DoD 8140.01 Level III Certifications
Active Computing Environmental certification (CE) in job-related duties such as Okta, Ping Identity, Microsoft Entra ID, F5, Keycloak, or related ICAM platform certification
Desired Qualifications:
Minimum of one identity provider, federation, cloud, or security certification such as Okta, Ping Identity, Microsoft Entra ID, AWS Associate, CISSP, or equivalent
5+ years of Commercial Cloud Services (C2S), DoD cloud, or classified mission environment experience
Experience integrating legacy, COTS, SaaS, cloud-native, financial management, and custom applications with enterprise ICAM services
Experience designing and implementing configurable MFA, step-up authentication, non-CAC authentication, self-service, and mission partner access patterns
Experience with API security, policy enforcement points, claims transformation, token exchange, secrets management, and certificate lifecycle considerations
Managing complex Sponsor relationships and requirements gathering across enterprise, component, application owner, and operations communities
Experience migrating applications from local authentication or legacy SSO to enterprise identity provider and federation services
Injecting detailed technical direction into teams for adoption of federation, application onboarding, CI/CD, and operational integration practices
TS/SCI eligible
If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.
May 22, 2026
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range $131,300.00 - $237,350.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Leidos is a Fortune 500® innovation company rapidly addressing the world’s most vexing challenges in national security and health. The company's global workforce of 48,000 collaborates to create smarter technology solutions for customers in heavily regulated industries. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $15.4 billion for the fiscal year ended December 29, 2023.
Leidos was cited for the meaningful work employees perform that is challenging, impactful, and aligned with our customers’ missions as reasons professionals want to work and stay at our company. Leidos has also been named to lists including Forbes’ Best Employers for Diversity, Forbes’ America’s Best Employers for Women, Military Times Best for Vets Employers, and Ethisphere Institute’s World's Most Ethical Companies®.
Employees enjoy career enrichment opportunities available through mobility and development and experience rewarding relationships with supportive supervisors and talented colleagues and customers. Employees appreciate our flexible work environment, allowing for and encouraging a true work-life balance. Our professionals are also excited about our Employee Resource Groups, like the Collaborative Outreach with Remote and Embedded Employees (CORE), which strives to create an environment where every employee, regardless of location, feels fully engaged as a valued employee of Leidos.
Your most important work is ahead, visit careers.leidos.com for our latest opportunities.
