[Remote] AWS Cloud Infrastructure Engineer (Keycloak Specialty)
Note: The job is a remote job and is open to candidates in USA. GDIT is a global technology and professional services company that delivers consulting and technology services to major U.S. government agencies. They are seeking a Senior AWS Cloud Infrastructure Engineer specializing in Keycloak to support the Case Management Modernization Program by designing and managing secure authentication frameworks in a cloud environment while ensuring compliance with federal standards.ResponsibilitiesDesign and maintain the identity architecture utilizing KeycloakImplement federated identity and single sign-on (SSO) solutions using modern protocols (SAML, OAuth2.0, OIDC)Collaborate with Cloud and Security Architects to enforce Zero Trust Architecture (ZTA) across microservices and APIsConfigure and maintain directory services and identity providers (e.g., AWS Cognito, AWS IAM Identity Center, Azure AD, IBM Verify , KeyCloak)Deep experience integrating KeyCloak as a broker IdP federating upstream enterprise IdPs while issuing downstream OIDC token to applicationDesign identity solutions and support compliance assessments, ensuring adherence to FISMA, NIST 800-63, and FedRAMP security controlsDevelop and document identity lifecycle management processesâprovisioning, deprovisioning, and access reviewsDesign and implement least privileged roles, groups, functionalities based on ZTA for both privileged and non-privileged users for a FedRAMP High systemExperience defining workflow, rules, policies within ICAM tools particularly IBM Verify and KeyCloakConduct access audits, user entitlement reviews, and anomaly detection to ensure least-privilege complianceProvide subject matter expertise in identity federation, PKI, certificate management, and secure API authorizationDesign strategies for logging, monitoring and auditing authentication and authorization related events in combination with other AWS event logsDesign and implement storage level, microservice level Authentication and AuthorizationSupport ATO process by providing solutions to all security controls, document implementation plan, maintain Visio diagramsParticipate in design sessions and work closely with the security leadCollaborate with DevSecOps teams to embed ICAM policies within CI/CD pipelines and Infrastructure-as-Code (IaC) templatesDirect and lead Pen testing, Review architecture diagrams produced by different teamsIndependently lead design and implement of vulnerability managementLead and direct engineering teamSkillsBachelor's Degree in Cybersecurity, Information Systems, or equivalent experience required10+ years of experience in identity and access management, including 8+ years in cloud-based environments requiredHands-on experience with KeyCloak and AWS IAM Identity Center for SSO and MFA implementationsStrong knowledge of identity federation protocols (SAML, OAuth2.0, OIDC, SCIM) and modern authentication flowsExpertise with RBAC/ABAC frameworks, policy-based access control, and least-privilege enforcementFamiliarity with NIST 800-63, FISMA, FedRAMP, and ZTA standards and compliance frameworksExperience implementing ICAM solutions in Agile and DevSecOps environmentsWorking knowledge of PKI, digital certificates, and encryption technologiesStrong analytical and troubleshooting skills with ability to resolve identity integration issuesExpert in designing logging and monitoring system by correlating events from several AWS and ICAM systemExperience supporting digital modernization or judiciary IT programsFamiliarity with Zero Trust Architecture and micro segmentation principlesExperience identifying and applying industry tools, solutions, methods best practices, and emerging technologiesStrong analytical skills and problem-solving skills with the ability to formulate and communicate recommendations for improvementDemonstrated ability to work effectively, independently, and as part of a teamAWS Certified Solutions Architect - Professional | Amazon Web Services (AWS) - Amazon Web Services (AWS)Master's Degree12+ years of experience in information systemsIBM Verify a plusExperience with AWS Container Security and Network SecurityAWS Certified Solutions Architect - Associate or ProfessionalCertified Information Systems Security Professional (CISSP)AWS Certified Security â Specialty or Azure Identity & Access AdministratorCertified Identity and Access Manager (CIAM) or Certified Identity Professional (CIP)SAFe Practitioner (SPC/SSM)BenefitsA variety of medical plan options, some with Health Savings AccountsDental plan optionsA vision planA 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company matchFull flex work weeks where possibleA variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave15 days of paid leave per calendar year to be used for vacations, personal business, and illnessAn additional 10 paid holidays per yearPaid leave and paid holidays are prorated based on the employeeâs date of hireThe GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employeesShort and long-term disability benefitsLife, accidental death and dismemberment, personal accident, critical illness and business travel and accident insuranceCompany Overviewopportunitylouisiana is responsible for strengthening the state's business environment and creating a more vibrant Louisiana economy. It was founded in 1936, and is headquartered in Baton Rouge, Louisiana, USA, with a workforce of 51-200 employees. Its website is https://www.opportunitylouisiana.com/.