Identity Access Management SME

The Identity Access Management SME serves as the senior technical authority for enterprise IAM capabilities supporting the SEC ISS contract. This role leads the design and governance of Microsoft Entra- and Microsoft ICAM-based identity services to ensure secure authentication, authorization, and least-privilege access across cloud and on-premises environments. The position drives implementation of conditional access, MFA, PIM/PAM, RBAC, and identity governance workflows aligned to SEC zero-trust objectives and OMB M-22-09 direction. The SME partners with infrastructure, security, and operations teams to sustain audit readiness, support FISMA evidence requirements, and resolve complex identity and access challenges at enterprise scale.

Primary Responsibilities

IAM Strategy, Architecture, and Engineering

- Serve as the enterprise subject matter expert for IAM architecture and provide technical leadership for identity and access services across the SEC ISS environment.

- Design and implement secure authentication and authorization models using Microsoft Entra, Microsoft ICAM, and role-based access controls.

- Lead integration of Entra identity services with Microsoft 365 and enterprise applications to support consistent identity lifecycle and policy enforcement.

- Define IAM standards, patterns, and operating procedures that align with zero-trust principles and federal security requirements.

Identity Governance and Access Control

- Manage joiner/mover/leaver identity lifecycle processes, directory services, and account governance to maintain accurate and timely access provisioning.

- Implement and maintain conditional access policies, multifactor authentication, privileged identity/access management, and identity protection controls.

- Establish and operate access reviews, entitlement management, and governance workflows to enforce least privilege and reduce insider-risk exposure.

- Oversee RBAC design, assignment, and periodic recertification, including automated RBAC processes for consistent policy application.

Compliance, Risk, and Audit Support

- Ensure IAM services support continuing Authorization to Operate objectives through complete, current SOP and control documentation.

- Align IAM controls with NIST, ISO 27001, CISA SCuBA, FISMA, and SEC/OIT security policy requirements.

- Produce technical artifacts and evidence for audit and assessment activities, including FISMA and related internal/external reviews.

- Support remediation planning and corrective actions for IAM-related findings, risks, and control deficiencies.

Operations, Automation, and Stakeholder Engagement

- Lead resolution of complex identity and access incidents, root causes, and recurring control gaps across hybrid enterprise environments.

- Drive automation of identity provisioning, deprovisioning, policy enforcement, and reporting using approved scripting and platform-native capabilities.

- Collaborate with security, cloud, endpoint, and service management teams to implement and sustain identity-dependent controls.

- Provide strategic guidance to government stakeholders on IAM roadmap priorities, modernization sequencing, and operational risk tradeoffs.

Required Qualifications

- Citizenship/Work Authorization: Must meet contract requirements. 

- Clearance: Ability to obtain and maintain SEC Public Trust (or higher if required). 

- Education: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, or a related field.

Experience:

- Minimum 8 years of experience in identity and access management and/or cybersecurity roles supporting enterprise environments.

- Mandatory hands-on experience implementing and operating Microsoft Entra (Azure AD) and Microsoft ICAM capabilities.

- Advanced experience with MFA, conditional access, privileged access management, Entra Identity Governance, and integration with Microsoft 365 and enterprise applications.

- Strong understanding of compliance frameworks (NIST, ISO 27001, CISA SCuBA) and zero-trust principles.

Technical Skills:

- Microsoft Entra (Azure AD) and Microsoft ICAM

- Multifactor authentication (MFA), conditional access, RBAC, and privileged access/identity management (PIM/PAM)

- Entra Identity Governance and identity lifecycle management

- Microsoft 365 and enterprise application identity integration patterns

- Compliance and control frameworks: NIST, ISO 27001, CISA SCuBA

- Zero-trust architecture implementation and policy enforcement

Preferred Qualifications

- Experience leading IAM modernization initiatives in large federal or highly regulated enterprise environments.

- Prior delivery experience supporting SEC, financial regulatory, or similar mission-critical public sector organizations.

- Experience implementing phishing-resistant authentication (e.g., FIDO-aligned methods) and legacy authentication deprecation.

- Hands-on experience automating IAM operations with scripting/automation tooling and integrating identity controls into DevSecOps workflows.

- Proven track record supporting audit remediation, corrective action plans, and executive-level IAM risk reporting.

- Microsoft Certified: Identity and Access Administrator Associate (SC-300), CISSP, CISM.

WORK ENVIRONMENT / OTHER

Operational Support: May require participation in on-call or surge support activities depending on operational needs. 

Location: Telework 

Travel: As required per contract direction.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.