Information Technology Expert (Identity and Access Management Expert), Grade N32

June 3, 2026
$111,948 - $181,336 / year

Job Description

Company: Montgomery County (MD)

Please note: The salary range above represents this position’s earning potential. The anticipated hiring range for this position will be $111,948.00 to $178,116.00, based on the candidate’s qualifications and experience.

WHO WE ARE
The Department of Technology and Enterprise Business Solutions (TEBS) delivers responsive, collaborative, and innovative technology solutions that enable efficient services across all branches of government. TEBS provides high-quality, cost-effective technology and consulting services that reduce service times, lower costs, enhance information security, and improve the overall quality of County services through automation and process optimization. In addition, TEBS leads business process reengineering efforts to modernize legacy workflows and streamline services for our customers. By leveraging industry-leading platforms and emerging AI-driven tools, TEBS ensures a secure, modern, and collaborative digital environment that supports the County’s strategic goals.

WHO WE ARE LOOKING FOR
TEBS is seeking an Information Technology Expert (Identity and Access Management - IAM), Grade N32, to architect and manage secure identity platforms that support employees, contractors, partners, and external users across enterprise applications and cloud services.
This role will drive enterprise authentication modernization initiatives, including SSO integrations, identity governance, lifecycle automation, MFA, access certifications, and zero-trust security architecture. Duties include:
• Design and implement the enterprise Identity and Access Management (IAM) architecture, standards, and strategic roadmap, including modernization of legacy authentication platforms to cloud-native identity solutions
• Develop scalable identity strategies for both internal and external identity use cases, covering authentication, authorization, federation, and identity lifecycle management
• Provide ongoing operational support, maintenance, incident resolution, and lifecycle management for enterprise applications integrated with the IAM ecosystem across production and non-production environments
• Troubleshoot and resolve authentication, authorization, provisioning, federation, token, session, and access-related issues, including root-cause analysis, upgrades, certificate renewals, and platform migrations
• Implement, administer, and support enterprise IAM platforms, including Microsoft Entra ID, Azure AD B2C, Oracle Cloud Infrastructure Identity and Access Management, SailPoint IdentityNow, Active Directory, Apereo CAS, and OpenDJ
• Configure and manage authentication policies, Conditional Access, MFA, passwordless authentication, RBAC, and hybrid identity integrations across on-premises and cloud platforms using tools such as Apache Airflow, Azure Functions, and Logic Apps
• Design, implement, and support enterprise Single Sign-On (SSO) and federation solutions using SAML 2.0, OAuth 2.0, OpenID Connect, WS-Federation, and LDAP / LDAPS
• Integrate and support enterprise applications, including SaaS platforms, Oracle applications, and custom-developed applications, while resolving federation, claims mapping, redirect, and end-user session issues
• Implement and manage Identity Governance and Administration (IGA) workflows using SailPoint IdentityNow, including joiner/mover/leaver processes, access approvals, role models, certification campaigns, remediation workflows, and Segregation of Duties (SoD) controls
• Support Zero Trust identity initiatives, regulatory compliance, audit controls, access reviews, privileged access management, audit logging, and least-privilege security models

Telework: This position may be eligible for limited hybrid telework, up to two days per week, after the initial training period.
A criminal background (and credit history) check will be conducted on the selected candidate prior to appointment and will be a significant factor in the hiring decision.
Education: Master’s degree in Computer Science, Information Systems, Cybersecurity, Information Technology, or a related field from an accredited college or university.

Experience:
Identity and Access Management Experience
• Six (6) years of experience in Identity and Access Management (IAM), cybersecurity, identity engineering, and application integration
• Proven success integrating SaaS, Oracle, custom-developed, and legacy applications with enterprise IAM platforms
• Hands-on support of production IAM-integrated enterprise applications
• Experience working across cloud, hybrid, and on-premises identity environments

IAM and Technical Expertise
• Extensive experience designing, implementing, integrating, and supporting enterprise IAM solutions. Strong technical proficiency with:
  • Microsoft Entra ID
  • Azure AD B2C
  • Oracle Cloud IAM
  • SailPoint IdentityNow
  • Active Directory
• Familiarity with open-source identity tools, including Apereo CAS and OpenDJ

Integration and Security
• Strong background integrating enterprise applications using SSO, federation, and identity governance frameworks
• Working knowledge of key authentication and federation protocols:
  • SAML 2.0
  • OAuth 2.0
  • OpenID Connect (OIDC)
  • LDAP / LDAPS

Communication: Strong written and verbal communication skills

Equivalency: An equivalent combination of education and experience may be substituted.

PROBATIONARY PERIOD: Individuals appointed to a position in this class will be required to serve a probationary period of twelve (12) months and, if promoted to a position in this class, will be required to serve a probationary period of six (6) months. Performance will be carefully evaluated during the probationary period. Continuation in this class will be contingent upon successful completion of the probationary period.

Medical Protocol: This position requires successful completion of a pre-employment medical evaluation, which includes a physical examination and drug screening.

All Applicants will be reviewed by the Office of Human Resources (OHR) for minimum qualifications. Those applicants who meet minimum qualifications will be rated “Qualified,” placed on the Referred List, and may be considered for an interview. Preference for interviews will be given to applicants with experience in the following:
• Experience in designing and implementing enterprise IAM architecture, standards, and strategic roadmaps.
• Experience in modernizing legacy authentication platforms into cloud-native identity solutions.
• Strong working knowledge of Microsoft Entra ID, Azure AD B2C, Oracle Cloud Infrastructure Identity and Access Management, SailPoint IdentityNow, Active Directory, Apereo CAS, and OpenDJ.
• Strong knowledge of SAML 2.0, OAuth 2.0, OpenID Connect, WS-Federation, LDAP / LDAPS, including troubleshooting token and claims issues.
• Experience implementing joiner, mover, leaver workflows, access approvals, certification campaigns, role-based access models, and SoD controls.
• Strong understanding of Zero Trust, least-privilege access, privileged access controls, audit logging, and regulatory compliance requirements.
• Experience providing production support, incident resolution, root-cause analysis, upgrades, certificate renewals, and platform migrations.
• Experience integrating on-premises and cloud identity systems, including directory synchronization and hybrid access models.
• Strong ability to diagnose and resolve complex authentication, federation, provisioning, and access-related issues.
• Ability to work effectively with business teams, application owners, infrastructure teams, vendors, and leadership.

Source: GovernmentJobs.com