Senior Identity and Access Management (IAM) Engineer

Company Overview

XCEL Engineering, Inc. is an award-winning small business that provides trusted information technology, engineering, consulting and project management solutions and services to federal agencies and organizations. Originally founded in 1971 by professional engineers at the University of Tennessee, XCEL was acquired in 2003 by U.S. Army and Navy veterans and in 2023 became a MartinFed company.

XCEL Engineering is a part of IT Lab Partners (ITLP), which was created to support a leading research facility in the East Tennessee region in recruiting the best and the brightest technical talent. Consider joining our impressive team today!

Job Overview

XCEL Engineering is seeking a qualified applicant for a Senior Identity and Access Management Engineer for the American Science Cloud (AmSC). AmSC is a secure, federated, and science-optimized cloud environment that integrates the DOE's world-leading computing and experimental facilities, data resources, and high-performance networks. The AmSC platform enables DOE scientists to create, access, and integrate world-class AI-ready datasets, run scalable model training on leadership-class systems, perform distributed simulations, control instruments, and move data efficiently across sites.

Essential Functions

Lead the architecture, development and implementation of an Identity and Access Management platform using the Ping suite of products.
Contribute to workflow design and API development, and collaborate with application developers and owners to establish robust integrations.
Plan, execute and document application onboarding of a diverse and growing application set.
Collaborate with IAM personnel from other organizations to design, build and administer a federation hub, allowing users to access resources at any participating facility.
Build out and enable ABAC, RBAC, least privilege access and other common IAM standards.
Deploy, configure and support identity and access management services such as single sign-on (SSO), OAuth, MFA, zero trust, etc.
Lead incident response, providing advanced troubleshooting and building out monitoring and alerting systems.
Define and implement KPIs and processes, and drive continuous improvement.
Participate in on-call rotation providing 24-hour, 7-day support and off-hours maintenance windows.
Coordinate with vendors to resolve hardware and software problems.
Deliver AmSC's mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service.
Promote diversity, equity, inclusion, and accessibility by fostering a respectful workplace - in how we treat one another, work together, and measure success.

Basic Qualifications

United States citizen with the ability to obtain a security clearance.
Bachelor's degree in Information Technology, IT Operations Management, or a related field.

Desired Qualifications

Extensive experience in Identity and Access Management supporting SSO, OAuth, MFA, and API development.
Excellent interpersonal/communication skills, and the ability to work as part of a team.
Proven track record leading and driving the delivery of large, complex IAM projects.
Strong experience with the Ping suite of IAM products; bonus points for Ping Government Identity Cloud experience.
Extensive experience with web authentication implementation such as SAML, OAuth, API-token, REST, etc.
Experience in directory services and directory structure, specifically using LDAP and/or PingDirectory.
Experience implementing RBAC and ABAC in complex enterprise environments.
Strong experience in identity federation design and implementation using standards like OIDC and SAML to manage user identities across disparate systems.
Experience with automation and scripting (Python, etc.) for IAM tasks.
Working knowledge of cloud application architecture patterns and a thorough grasp of common products and managed services for at least one Cloud Service Provider (e.g. AWS).
Working knowledge of Unix system fundamentals and common network protocols.
Solid understanding of cloud computing networking concepts.
Ability to proactively identify performance issues, problems, and areas for improvement.
Ability to identify requirements and to define, plan, and implement requisite solutions.
An understanding of code review and familiarity with tools like GitHub and GitLab.
Experience using tools such as Nagios, Grafana and Prometheus to monitor systems, metrics, and create dashbo