[Remote] AWS Cloud Infrastructure Engineer (Keycloak Specialty)
Note: The job is a remote job and is open to candidates in USA. General Dynamics Information Technology is a global technology and professional services company that delivers consulting, technology, and mission services to every major agency across the U.S. government. They are seeking an AWS Cloud Infrastructure Engineer (Keycloak Specialty) to support the Case Management Modernization Program by designing and managing secure authentication frameworks in a cloud environment, ensuring compliance with federal security principles.ResponsibilitiesDesign and maintain the identity architecture utilizing KeycloakImplement federated identity and single sign-on (SSO) solutions using modern protocols (SAML, OAuth2.0, OIDC)Collaborate with Cloud and Security Architects to enforce Zero Trust Architecture (ZTA) across microservices and APIsConfigure and maintain directory services and identity providers (e.g., AWS Cognito, AWS IAM Identity Center, Azure AD, IBM Verify, Key Cloak)Deep experience integrating KeyCloak as a broker IdP federating upstream enterprise IdPs while issuing downstream OIDC token to applicationDesign identity solutions and support compliance assessments, ensuring adherence to FISMA, NIST 800-63, and FedRAMP security controlsDevelop and document identity lifecycle management processesâprovisioning, deprovisioning, and access reviewsDesign and implement least privileged roles, groups, functionalities based on ZTA for both privileged and non-privileged users for a FedRAMP High systemExperience defining workflow, rules, policies within ICAM tools particularly IBM Verify and Key CloakConduct access audits, user entitlement reviews, and anomaly detection to ensure least-privilege complianceProvide subject matter expertise in identity federation, PKI, certificate management, and secure API authorizationDesign strategies for logging, monitoring and auditing authentication and authorization related events in combination with other AWS event logsDesign and implement storage level, microservice level Authentication and AuthorizationSupport ATO process by providing solutions to all security controls, document implementation plan, maintain Visio diagramsParticipate in design sessions and work closely with the security leadCollaborate with DevSecOps teams to embed ICAM policies within CI/CD pipelines and Infrastructure-as-Code (IaC) templatesDirect and lead Pen testing, Review architecture diagrams produced by different teamsIndependently lead design and implement of vulnerability managementLead and direct engineering teamSkills10 + years of related experienceBachelor's Degree in Cybersecurity, Information Systems, or equivalent experience requiredHands-on experience with KeyCloak and AWS IAM Identity Center for SSO and MFA implementationsStrong knowledge of identity federation protocols (SAML, OAuth2.0, OIDC, SCIM) and modern authentication flowsExpertise with RBAC/ABAC frameworks, policy-based access control, and least-privilege enforcementFamiliarity with NIST 800-63, FISMA, FedRAMP, and ZTA standards and compliance frameworksExperience implementing ICAM solutions in Agile and DevSecOps environmentsWorking knowledge of PKI, digital certificates, and encryption technologiesStrong analytical and troubleshooting skills with ability to resolve identity integration issuesExcellent presentation and communication skillsConsultant mindset with the ability to work with high level customer stakeholders and build excellent customer relationshipStrong analytical skills and problem-solving skills with the ability to formulate and communicate recommendations for improvementDemonstrated ability to work effectively, independently, and as part of a teamMaster's Degree12+ years of experience in information systemsExperience with AWS Container Security and Network SecurityExpert in designing logging and monitoring system by correlating events from several AWS and ICAM systemExperience supporting digital modernization or judiciary IT programsFamiliarity with Zero Trust Architecture and micro segmentation principlesExposure to API gateway authentication (Kong, Apigee, AWS API Gateway)Experience integrating identity governance tools (SailPoint, Saviynt)AWS Certified Solutions Architect - Associate or ProfessionalCertified Information Systems Security Professional (CISSP)AWS Certified Security â Specialty or Azure Identity & Access AdministratorCertified Identity and Access Manager (CIAM) or Certified Identity Professional (CIP)SAFe Practitioner (SPC/SSM)BenefitsA variety of medical plan options, some with Health Savings AccountsDental plan optionsA vision planA 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company matchFull flex work weeks where possibleA variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave15 days of paid leave per calendar year to be used for vacations, personal business, and illnessAn additional 10 paid holidays per yearPaid leave and paid holidays are prorated based on the employeeâs date of hireThe GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employeesShort and long-term disability benefitsLife, accidental death and dismemberment, personal accident, critical illness and business travel and accident insuranceCompany OverviewGeneral Dynamics Information Technology is an IT consulting company that specializes in cyber security, AI, and quantum computing. It is a sub-organization of General Dynamics. It was founded in 1999, and is headquartered in Falls Church, Virginia, USA, with a workforce of 10001+ employees. Its website is https://www.gdit.com/.