AWS Cloud Security and ICAM Specialist

Type of Requisition:RegularClearance Level Must Currently Possess:NoneClearance Level Must Be Able to Obtain:NonePublic Trust/Other Required:BI Full 6C (T4)Job Family:IT Infrastructure and OperationsJob Qualifications:Skills:Access Management, Identity Governance, Secure AuthenticationCertifications:NoneExperience:10 + years of related experienceUS Citizenship Required:NoJob Description:The AWS Cloud Security and ICAM Specialist supports the Case Management Modernization (CMM) Program for the Administrative Office of the U.S. Courts (AO) by designing, implementing, and managing secure authentication and authorization frameworks across modernized cloud-based applications. This role ensures compliance with federal identity governance, FedRAMP, and Zero Trust Architecture (ZTA) principles within an AWS environment. The ICAM Specialist collaborates with architecture, security, and DevSecOps teams to ensure access control, identity federation, and credential management are integrated seamlessly across all layers of the CMM application ecosystem.Key Responsibilities:Design and maintain the ICAM architecture for identity, access, and authentication management across AWS-hosted CMM applications and other legacy ICAMImplement federated identity and single sign-on (SSO) solutions using modern protocols (SAML, OAuth2.0, OIDC)Collaborate with Cloud and Security Architects to enforce Zero Trust Architecture (ZTA) across microservices and APIsConfigure and maintain directory services and identity providers (e.g., AWS Cognito, AWS IAM Identity Center, Azure AD, IBM Verify , Key Cloak)Deep experience integrating KeyCloak as a broker IdP federating upstream enterprise IdPs while issuing downstream OIDC token to applicationDesign ICAM brokerage solutions and support compliance assessments, ensuring adherence to FISMA, NIST 800-63, and FedRAMP security controlsDevelop and document identity lifecycle management processes—provisioning, deprovisioning, and access reviewsDesign and implement least privileged roles, groups, functionalities based on ZTA for both privileged and non-privileged users for a FedRAMP High systemExperience defining workflow, rules, policies within ICAM tools particularly IBM Verify and Key CloakConduct access audits, user entitlement reviews, and anomaly detection to ensure least-privilege complianceProvide subject matter expertise in identity federation, PKI, certificate management, and secure API authorizationDesign strategies for logging, monitoring and auditing authentication and authorization related events in combination with other AWS event logsDesign and implement storage level, microservice level Authentication and AuthorizationSupport ATO process by providing solutions to all security controls, document implementation plan, maintain Visio diagramsParticipate in design sessions and work closely with the security leadCollaborate with DevSecOps teams to embed ICAM policies within CI/CD pipelines and Infrastructure-as-Code (IaC) templatesDirect and lead Pen testing, Review architecture diagrams produced by different teamsIndependently lead design and implement of vulnerability managementHeavily participate in ATO activityLead and direct engineering teamDeliverable Alignment & Performance Outcomes:Architecture Diagrams: Depicting identity flow, federation, and integration points with AWS and CMM systemsAccess Control Documentation: Policies, RBAC models, and credential management workflowsCompliance Verification Reports: Audit results aligned to NIST 800-63, FedRAMP, and FISMA standardsZero Trust Implementation Artifacts: Documentation and verification of ZTA enforcement within system componentsPerformance Outcomes:100% of CMM applications integrated with SSO and MFA.Zero unauthorized access incidents attributable to configuration error100% compliance with NIST and FedRAMP ICAM control requirementsReduced account provisioning time by ≥30% through automationTools & Technologies:IAM & Federation: Key Cloak, OktaAccess & Compliance: SailPoint, CyberArk, HashiCorp VaultCloud: AWS IAM, KMS, CloudTrail, LambdaProtocols: SAML, OAuth2.0, OIDC, SCIMMonitoring & Audit: SplunkCollaboration: Jira, Confluence, SharePoint, MS TeamsRequired Skills & Experience:Education: Bachelor’s Degree in Cybersecurity, Information Systems, or related discipline required; Master's Degree preferredExperience: 10+ years of experience in identity and access management, including 8+ years in cloud-based federal environmentsrequired; 12+ years of experience in information systems preferredHands-on experience with Key Cloak and AWS IAM Identity Center for SSO and MFA implementations. (IBM Verify a plus)Strong knowledge of identity federation protocols (SAML, OAuth2.0, OIDC, SCIM) and modern authentication flowsExpertise with RBAC/ABAC frameworks, policy-based access control, and least-privilege enforcementFamiliarity with NIST 800-63, FISMA, FedRAMP, and ZTA standards and compliance frameworksExperience implementing ICAM solutions i