cFocus Software seeks an ICAM SME to join our program supporting the United States Citizenship and Immigration Services (USCIS). This position is 100% remote. This position requires a Public Trust clearance.
Qualifications:
- 5+ years of ICAM experience
- The ICAM Subject Matter Expert must have in-depth knowledge of federal ICAM standards and the Federal ICAM Roadmap and Implementation Guidance.
- The ICAM SME will need knowledge of the capabilities, strengths, and weaknesses of current commercial and open-source ICAM products.
- Experience with AWS, Azure, GCP identity services, PKI, certificate lifecycle management, identity governance, privileged access architectures, AD/LDAP, OAuth2, OIDC, SAML, DevSecOps.
- SME must be certified in one of the following recognized identity, access, and security certifications: Certified Identity and Access Manager (CIAM), Certified Information Systems Security Professional (CISSP), GIAC Defensible Identity and Access Management (GDA), Certified Access Management Specialist (CAMS), Comp TIA+ Security, or FICAM related training
Duties:
- Provide in-depth expertise on federal ICAM standards and the Federal ICAM Roadmap and Implementation Guidance.
- Advise government leadership on ICAM strategy, policy, implementation, best practices, and technology enhancements.
- Evaluate commercial and open-source ICAM products to recommend solutions that meet agency requirements.
- Support program governance, compliance, and integration across ICAM service areas (SSO, PAM, PKI, ePACS, OAuth/OIDC).
- Support development and operational sustainment of PIV-based authentication services and SSO integration.
- Implement ABAC and RBAC models for enterprise access control.
- Assist in deploying scalable authentication and authorization microservices.
- Provide guidance on CyberArk-based PAM solutions, credential vaulting, rotation, privileged session management, and multi-cloud privileged access governance.
- Support privileged access monitoring, auditing, and compliance with federal security standards.
- Lead technical PKI efforts including device certificate lifecycle management, Person-Centric PKI, and NPE PKI.
- Ensure compliance with DHS PKI Interface Specifications and COPG guidelines.
- Support Active Directory architecture, tiering, permissions, and cybersecurity best practices.
- Oversee account provisioning, de-provisioning, and identity lifecycle automation.
- Recommend and design new technology solutions aligned with ICAM modernization initiatives, cloud migrations, Zero Trust, and enterprise architecture.
- Support DevSecOps teams to implement secure ICAM features and integrations.
- Provide Tier 2+ SME support during system outages, degradation, and critical incidents involving SSO, PKI, PAM, AD, OAuth/OIDC, and physical access systems.
- Assist Duty Officers with severity determination, triage, root-cause analysis, and mitigation.
- Develop SOPs, training materials, system documentation, and technical guidance.
- Ensure compliance with DHS 4300A, OMB directives, Section 508, and audit requirements.
