IAM Architect

  • Info Junction LLC
  • Washington, District of Columbia
  • Full Time

Job Title: Tech Lead - IAM/RAS Architecture | Hybrid | DC

Key Responsibilities:

  • Lead overall IAM/RAS architecture, operations, and roadmap at NIH.
  • Manage and enhance the Broadcom Layer7 API Gateway RBE implementation as the OAuth/OIDC Secure Token Service (STS).
  • Maintain and integrate AAA/Federation services using CA SiteMinder, Shibboleth, and SPS.
  • Oversee directory and identity data services across VDS, AD, LDS, and MySQL environments.
  • Lead the design and development of AKS (Azure Kubernetes Service) clusters to support scalability and resiliency.
  • Devise secure networking solutions including Private Link, on-prem DNS resolution, and VPN tunnels with redundancy and high availability.
  • Architect and implement secure OAuth/OIDC solutions adhering to RFC 8705, leveraging mTLS and certificate-bound tokens.
  • Use Google Cloud Platform CAS (Certificate Authority Service) to issue and manage client certificates securely for mTLS-based authentication.
  • Build real-time observability pipelines by streaming logs from Google Cloud Platform CAS, Azure DevOps, Layer7, etc., to Azure Event Hubs and ingesting them into on-prem Splunk.
  • Design and implement 6 new RAS environments in alignment with CISA TIC 3.0 and Zero Trust Architecture principles using:
      • Azure ExpressRoute
      • Cloud-native security stack
      • Terraform (Infrastructure as Code)
      • Azure CNI Overlay Networking for optimal IP management
  • Conduct PoC and performance evaluations for Azure-native load balancers to replace legacy F5 BIG-IP:
      • Selected Azure Application Gateway (with WAF and mTLS support) paired with Traffic Manager for multi-region load balancing and DDoS protection.

Qualifications:

  • 8+ years of progressive experience in Identity & Access Management, Cloud Architecture, and Network Security.
  • Proven expertise in OAuth 2.0, OIDC, SAML, mTLS, certificate-based authentication, and Zero Trust frameworks.
  • Strong background in infrastructure automation (Terraform), container orchestration (AKS/Kubernetes), and hybrid networking (VPNs, ExpressRoute).
  • Experience with public cloud platforms: Azure, Google Cloud Platform.
  • Proficiency in log ingestion, event-driven architecture (Pub/Sub, Event Hubs), and SIEM integration.
  • Hands-on experience with enterprise identity solutions: SiteMinder, Shibboleth, SPS, Layer7, AD, VDS.
  • Ability to work across cross-functional teams, provide leadership, and mentor junior engineers.


Dice Id: 91120139
Position Id: 8687630
Job ID: 483821692
Originally Posted on: 7/3/2025
