Job was saved successfully.
Job was removed from Saved Jobs.

Job Details


Senior SecureAuth Engineer ( R-00085808 )





Reston, Virginia, United States


Job Description:

Leidos currently has an opening on the Digital Innovation for General Services Administration (GSA) Infrastructure Technologies (DIGIT) program for a Senior SecureAuth Engineer supporting a surge effort to assist the agency in modernizing Identity and Access Management (IAM), Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions across the enterprise in a zero trust environment. This position is a 100% telework opportunity and we are seeking candidates from across the contiguous United States.

Primary Responsibilities:

  • Implement technical capabilities including IAM solutions and application integrations, to enhance enterprise security risk posture.
  • Intimately familiar with IAM related protocols such as SAML, SPML, XACML, SCIM, OAuth, OIDC, OpenID and REST APIs, and other security interfaces
  • Strong experience with Directories, SSO, Federation, Delegated administration, API gateways, SOA services.
  • Strong understanding of cloud computing architecture, technical design, and implementations, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) delivery models.
  • Provide Proof of Concepts and Pilots for Advancing Zero Trust and final implementation to transfer Zero Trust integration to infrastructure engineering support.
  • Solid understanding of Privileged Access Management (PAM) and security concepts.
  • Unix/Linux server administration experience and demonstrated understanding of LDAP bridging technology.
  • Advanced knowledge of MS Active Directory authentication, Group Policy Objects, LDAP, including design, configuration, and deployment.
  • Provide advanced support for IAM/SSO/MFA by troubleshooting a variety of difficult software problems, implementing bug fixes, and performing root cause analysis using agile methodologies
  • Removing the Integrated Windows Authentication (IWA)/Kerberos/SPNEGO configurations currently in use for applications in the enterprise Single Sign On platform and possibly replaced with a shared realm concept.
  • Enabling and testing PIV (x509 client auth) and WebAuthN Platform authentication options.
  • Enabling and testing one or more risk based configurations in the adaptive analytics / threat intel module in the enterprise Single Sign On platform.
  • Supporting government customers having a multi-site, distributed enterprise Network architecture.
  • Utilize automation and role-based management to ensure availability of access and continuity of services.
  • Identifying process improvement opportunities for review and subsequent implementation.
  • Performing solution upgrades including installation, configuration, hardening and integration.
  • Contributes to deliverables and performance metrics where applicable.

Basic Qualifications:

  • Bachelor’s degree (or equivalent) and a minimum 7-12 years of related experience.
  • Ability to obtain Public Trust Clearance.
  • ITILv4 Foundation Training and certification.
  • Possesses and applies fundamental concepts, processes, practices, and procedures on multiple complex work assignments.
  • Have extensive knowledge of SecureAuth version 9.X or higher.
  • Have working knowledge of Multi-Factor Authentication (MFA).
  • Have working knowledge of RADIUS.
  • Must be willing to work a variety of shifts, including holidays as scheduled.
  • Possess the ability to communicate in both oral and written forms, demonstrating an ability to communicate effectively with all levels of staff as well as clients.
  • Demonstrated ability to apply comprehensive knowledge across key tasks and high impact assignments.
  • Effectively performing duties and collaboration in a remote telework environment.

Preferred Qualifications:

  • Strong knowledge of the different identity and access management (IAM) concepts, technologies and authentication protocols.
  • Experience with Single Sign On services (SSO) operations including but not limited to: SecureAuth, Active Directory Federation Services.
  • Knowledge of Single Sign On services (SSO) protocols: OpenID Connect (OIDC), Security Assertion Markup Language (SAML 2.0), Fast Identity Online (FIDO2), Web Authentication (WebAuth)
  • Hands on experience with SecureAuth advanced authentication concepts such as: Adaptive Authentication, Behavioral analytics, Risk analysis, Biometric tracking
  • An understanding of Zero Trust concepts.
  • Hands-on experience with OKTA, PING and CISCO Duo.
  • Hands-on experience with cloud computing services (Microsoft Azure/AWS).
  • Security+ certification.

Pay Range:Pay Range $94,250.00 - $145,000.00 - $195,750.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.