Identity Access Management Specialist Senior

The Identity Access Management Specialist Senior supports SEC OIT under the ISS contract by designing, implementing, and operating enterprise identity and access capabilities across cloud and enterprise environments. This role leads hands-on engineering and sustainment of Microsoft Entra (Azure AD) and Microsoft ICAM-aligned solutions to ensure secure authentication, authorization, and lifecycle identity management. The position is responsible for enforcing Zero Trust access controls, including MFA, conditional access, RBAC, and privileged access governance, while integrating IAM services with business and technical systems. The role also supports continuous compliance and audit readiness through SOP-driven operations, control evidence, and remediation of security findings. Success in this role is measured by sustained access control compliance, timely audit finding closure, and reliable IAM service performance.

Primary Responsibilities

Identity Platform Engineering

- Design, implement, and manage enterprise IAM architecture supporting secure authentication and authorization across SEC systems.

- Administer Microsoft Entra services, including Entra ID and Entra Identity Governance, and related identity components.

- Implement and maintain identity lifecycle processes (joiner/mover/leaver), directory services, and secure account provisioning/deprovisioning.

- Lead IAM integration with enterprise applications and cloud services to deliver scalable, policy-driven access.

Access Governance and Privileged Access Management

- Implement and manage role-based access control (RBAC) to enforce least-privilege access.

- Configure and maintain MFA, conditional access policies, and privileged access management controls.

- Support governance workflows to sustain access appropriateness and policy compliance.

- Oversee policy enforcement for group management, account changes, and access expiration activities.

Zero Trust Security and Operations

- Apply Zero Trust identity controls in alignment with SEC ISS requirements and federal guidance, including OMB M-22-09 principles.

- Support secure authentication modernization, including removal of legacy methods and enforcement of strong access controls.

- Coordinate with infrastructure, endpoint, and security teams to validate device/user compliance and enforce access decisions.

- Provide advanced troubleshooting for complex authentication, authorization, and federation/integration issues.

Compliance, Audit, and Service Delivery

- Maintain IAM SOPs, runbooks, and technical documentation to support ATO sustainment and consistent operations.

- Support audit activities by producing control artifacts, resolving findings, and tracking corrective actions.

- Monitor IAM platform health, service performance, and security events; drive timely incident response and remediation.

- Deliver status reporting, risk updates, and continuous improvement recommendations to stakeholders.

Required Qualifications

Citizenship/Work Authorization: Must meet contract requirements. 

Clearance: Ability to obtain and maintain SEC Public Trust (or higher if required).

Education: Bachelors in a relevant field (e.g., Information Technology, Computer Science, Engineering).

Experience:

- Minimum 8 years of experience in IAM or cybersecurity roles (typically within a 7-10 year IAM/cybersecurity background).

- Mandatory hands-on experience with Microsoft Entra (Azure AD) and Microsoft ICAM (Identity Credential and Access Management) solutions.

- Demonstrated experience implementing identity governance, MFA, conditional access, privileged access management, and integration with enterprise applications.

Technical Skills:

- Microsoft Entra (Azure AD) and Microsoft ICAM solution implementation and operations.

- Entra Identity Governance, MFA, Conditional Access, RBAC, and privileged access management.

- Secure authentication and authorization design across enterprise systems.

- IAM policy administration, platform operation and maintenance, and advanced IAM troubleshooting.

- Knowledge of compliance frameworks: NIST, CISA SCuBA, and ISO 27001.

Preferred Qualifications

- Experience supporting a federal civilian agency IT environment, preferably SEC or similarly regulated mission environments.

- Experience implementing and operationalizing CISA SCuBA-aligned controls in Microsoft 365 GCC.

- Experience integrating IAM controls with enterprise ticketing/workflow platforms (e.g., ServiceNow) and change management processes.

- Proven ability to lead IAM modernization initiatives aligned to Zero Trust architecture and cloud adoption.

- Experience mentoring junior IAM engineers and leading cross-functional technical efforts during incidents and audit remediation.

- Microsoft Certified: Identity and Access Administrator Associate (SC-300)

- Microsoft Certified: Cybersecurity Architect Expert (SC-100)

- CISSP

WORK ENVIRONMENT / OTHER

Operational Support: May require participation in on-call or surge support activities depending on operational needs. 

Location: Telework 

Travel: As required per contract direction.

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.