We are currently seeking a motivated, career- and customer-oriented Identity, Credential, and Access Management (ICAM) Lead to join our team in Rockville, MD to begin an exciting and challenging career with Unisys Federal Systems.
In this role you will provide hands-on practical experience to design, implement, and support both the technical and managerial aspects of cloud enterprise computing environments. Specialties include storage architectures; database application development; knowledge management and search; wireless and mobile devices; and secured VoIP, e-mail, and instant messaging services.
Duties/Tasks and Responsibilities:
Provide ongoing technical expertise for the agency’s identity, credential, and access management mechanisms that identify, authenticate, and authorize individuals and technical services to enable appropriate access to resources in a standardized and interoperable manner.
The ICAM Program provides a comprehensive approach that represents the intersection of the three major pillars of ICAM.
From an Identity Management perspective, the NRC employs a combination of technology, rules and procedures for assigning attributes to a digital identity, associating the digital identity to an individual (staff and contractors), and managing the digital identity throughout its life cycle. The NRC recently implemented SailPoint IdentityIQ as a key component of its Identity Management solution stack. Currently within the Agency, identity attributes are transitioning away from legacy siloed repositories, in which each technology system or application maintains its own records. The Agency recognizes that this legacy approach perpetuates complexity and redundancy in user life cycle management, securing PII, and data exchange.
From a Credential Management perspective, the Agency also manages the lifecycle of a credential (authoritatively binds an identity to a token possessed and controlled by a person), including identity proofing, credential selection, issuance, monitoring, updating, revocation, and termination of the credential. To support this, the NRC operates a multi-level Managed Public Key Infrastructure (MPKI) facility from Symantec that includes PIV and SSL credentials. This facility supports Public Key Infrastructure (PKI) certificate issuance and validation. Through a hierarchical Certificate Authority (CA) structure, this facility is capable of creating and managing PKI certificates designed for different purposes (e.g. authentication, digital signature, and encryption).
The NRC also currently supports external partner ICAM requirements by providing PKI credentials compliant with the Federal Bridge Certificate Policy at the Rudimentary assurance level. These credentials are used by partners to access NRC public-facing applications and to digitally sign electronic submissions. The Agency has also implemented non-PKI credentials in the form of One-Time Password (OTP) tokens from Symantec VIP to extend its remote authentication capabilities to a diverse set of platforms including personally owned devices such as smart phones and tablets.
From an Access Management perspective, the NRC manages how individuals are granted logical access to its networks and systems as well as access to physical locations such as a building, parking lot, garage, or office. Access to both support and mission-focused systems at the NRC is typically granted at the application level. Logical Access Control Systems (LACS) are built-in with individual application access mechanisms. The current LACS implementations at the NRC are not centrally managed or provisioned. In some cases, application owners across the NRC enterprise continue to maintain user IDs and passwords, whereas others have fully adopted the use of Active Directory credentials. Access to the NRC enterprise network is controlled through a Windows logon that has been integrated with the PIV Card, enabling users to authenticate using the traditional username and password or by using their PIV Card and PIN.
The NRC also maintains a centralized Physical Access Management system, and has started integrating it with the PCI system. This integration allows the NRC to automatically provision users with general access at PIV Card issuance time. The NRC is also following NIST SP 800-116 and applying its guidance to NRC controlled facilities. As previously stated, the NRC uses the PIV card for physical access. Currently, a partial Card Holder Unique Identifier (CHUID), as defined in the NIST standards, is used as the authentication factor on PIV cards to grant physical access to NRC staff and contractors. Some locations throughout the NRC require that the PACS PIN be provided as well, as an additional authentication factor.
Responsible for working directly with the NRC to maintain and incrementally improve their respective support areas.
Participate in direct operational delivery of services as well as act as Lead resource.
U.S. CITIZENSHIP REQUIRED
Education/Experience: Master’s Degree and 15+ years of relevant experience in new and related older technology that directly relates to the required area of expertise.
Possess requisite knowledge and expertise so recognized in the professional community that the Government is able to qualify the individual as an expert in the field for an actual task order.
Experience with SailPoint IdentityIQ
Experience with multi-level Managed Public Key Infrastructure (MPKI) facility from Symantec that includes PIV and SSL credentials is desired.
Experience with SailPoint and Symantec.
Experience successfully interpreting and applying FIPS 201, HSPD-12, OMB memorandums, NIST publications, and CIO Council papers to active ICAM services covering more than 5,000 users spread throughout the United States
A high level of experience and skill in ICAM.
Experience with multiple development methods and practices, specifically Agile and DevOps.
Java, Python, C/C++, Windows, Unix (Linux, Solaris)
Prefer: Nuclear Regulatory Commission experience, Rational Jazz, AIX, HPUX experience
Do you have what it takes to be mission critical?
Your skills and experience could be mission critical for our Unisys team supporting the Federal Government in their mission to protect and defend our nation, and transform the way government agencies manage information and improve responsiveness to their customers. As a member of our diverse team, you’ll gain valuable career-enhancing experience as we support the design, development, testing, implementation, training, and maintenance of our federal government’s critical systems.
Apply today to become mission critical and help our nation meet the growing need for IT security, improved infrastructure, big data, and advanced analytics.
Unisys is a global information technology company that solves complex IT challenges at the intersection of modern and mission critical. We work with many of the world's largest companies and government organizations to secure and keep their mission-critical operations running at peak performance; streamline and transform their data centers; enhance support to their end users and constituents; and modernize their enterprise applications. We do this while protecting and building on their legacy IT investments. Our offerings include outsourcing and managed services, systems integration and consulting services, high-end server technology, cybersecurity and cloud management software, and maintenance and support services. Unisys has more than 23,000 employees serving clients around the world.
Unisys offers a very competitive benefits package including health insurance coverage from first day of employment, a 401k with an immediately vested company match, vacation and educational benefits. To learn more about Unisys visit us at www.Unisys.com.
Unisys is an Equal Opportunity Employer (EOE) - Minorities, Females, Disabled Persons, and Veterans.