Information Technology Specialist (InfoSec)

Full Job Description

This position is in the Department of the Chief Information Officer (DCIO), Infrastructure & Platform Services Office (IPSO), Platform Engineering Division (PED), Identity and Access Branch (IAB).

IAB ensures the right people have access to the right resources at the right time by managing digital identities, single sign-on, and multi-factor authentication.

Applicants must have demonstrated experience as listed below.

This requirement is according to the AO Classification, Compensation, and Recruitment Systems which include interpretive guidance and reference to the OPM Operating Manual for Qualification Standards for General Schedule Positions.

Applicants must have at least one full year (52 weeks) of specialized experience, which is in or directly related to the line of work of this position.

Specialized experience is demonstrated experience in ALL of the following: Administering enterprise-level identity providers.

Configuring and troubleshooting federated protocols (SAML, OIDC, OAuth) for single sign-on across diverse environments.

Designing zero trust frameworks and implementing conditional access policies based on device health and user behavior.

Managing enterprise directory services (Active Directory/LDAP), including lifecycle management of digital identities and privileged groups Desired, but Not Required: Familiarity with the Federal Judiciary and Administrative Office (AO) policies.

Possession of industry-recognized professional certification such as Certified Information Systems Security Professional (CISSP), Certified Identity and Access Manager (CIAM), or specialized cloud identity certification (e.g., Microsoft SC-300).

Experience with cloud-native identity services (IDaaS) in multi-cloud environments (AWS, Azure, and GCP). Major Duties:

The Platform Engineering Division (PED) is seeking an Information Technology Specialist (InfoSec) to join its Identity and Access Branch (IAB).

The Information Technology Specialist (InfoSec) serves as a technical authority for the engineering, implementation, and tier 3 support of the organization's identity, credential, and access management (ICAM) ecosystem and zero trust architecture (ZTA).

The Information Technology Specialist (InfoSec) manages digital identities, single sign-on (SSO), and multi-factor authentication (MFA) and plays a key role in the organization's transition to a zero trust model by developing dynamic access control policies that continuously verify identity and device health across hybrid on-premises and cloud environments.

Duties include, but are not limited to: Engineering and maintaining enterprise directory services in accordance with NIST SP 800-63 standards to ensure secure ICAM operations.

Governing the identity lifecycle through automated onboarding and offboarding workflows and enforcing least privilege principles.

Designing and deploying SSO and MFA solutions aligned with authenticator assurance levels to reduce unauthorized access.

Integrating federal and commercial applications using SAML 2.0, OIDC, and OAuth 2.0 to ensure secure federation and token exchange.

Leading Zero Trust policy engineering by managing policy decision points and policy enforcement points in a "never trust, always verify" framework.

Configuring conditional access policies to evaluate real-time signals, including device posture, user risk, and geolocation.

Managing public key infrastructure, including certificate issuance and revocation, to maintain enterprise trust.

Implementing hardware-based authenticators to meet federal phishing-resistant authentication requirements.

Performing Tier 3 troubleshooting for directory replication, hybrid synchronization, and federation metadata issues.

Assessing identity and access risks and developing contingency plans for outages or credential compromise.

Mentoring technical staff on federal ICAM mandates and developing job aids to enhance service delivery and security posture.