We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
AWS Cloud Security and ICAM Specialist
Location
United States
Posted
14 days ago
Salary
$153K - $207K / year
Seniority
Mid Level
Job Description
AWS Cloud Security and ICAM Specialist
LED FastStart
Role Description The AWS Cloud Security and ICAM Specialist supports the Case Management Modernization (CMM) Program for the Administrative Office of the U.S. Courts (AO) by designing, implementing, and managing secure authentication and authorization frameworks across modernized cloud-based applications. This role ensures compliance with federal identity governance, FedRAMP, and Zero Trust Architecture (ZTA) principles within an AWS environment. The ICAM Specialist collaborates with architecture, security, and DevSecOps teams to ensure access control, identity federation, and credential management are integrated seamlessly across all layers of the CMM application ecosystem. - Design and maintain the ICAM architecture for identity, access, and authentication management across AWS-hosted CMM applications and other legacy ICAM. - Implement federated identity and single sign-on (SSO) solutions using modern protocols (SAML, OAuth2.0, OIDC). - Collaborate with Cloud and Security Architects to enforce Zero Trust Architecture (ZTA) across microservices and APIs. - Configure and maintain directory services and identity providers (e.g., AWS Cognito, AWS IAM Identity Center, Azure AD, IBM Verify, Key Cloak). - Deep experience integrating KeyCloak as a broker IdP federating upstream enterprise IdPs while issuing downstream OIDC token to application. - Design ICAM brokerage solutions and support compliance assessments, ensuring adherence to FISMA, NIST 800-63, and FedRAMP security controls. - Develop and document identity lifecycle management processes — provisioning, deprovisioning, and access reviews. - Design and implement least privileged roles, groups, functionalities based on ZTA for both privileged and non-privileged users for a FedRAMP High system. - Experience defining workflow, rules, policies within ICAM tools particularly IBM Verify and Key Cloak. - Conduct access audits, user entitlement reviews, and anomaly detection to ensure least-privilege compliance. - Provide subject matter expertise in identity federation, PKI, certificate management, and secure API authorization. - Design strategies for logging, monitoring and auditing authentication and authorization related events in combination with other AWS event logs. - Design and implement storage level, microservice level Authentication and Authorization. - Support ATO process by providing solutions to all security controls, document implementation plan, maintain Visio diagrams. - Participate in design sessions and work closely with the security lead. - Collaborate with DevSecOps teams to embed ICAM policies within CI/CD pipelines and Infrastructure-as-Code (IaC) templates. - Direct and lead Pen testing, Review architecture diagrams produced by different teams. - Independently lead design and implement of vulnerability management. - Heavily participate in ATO activity. - Lead and direct engineering team. Deliverable Alignment & Performance Outcomes - Architecture Diagrams: Depicting identity flow, federation, and integration points with AWS and CMM systems. - Access Control Documentation: Policies, RBAC models, and credential management workflows. - Compliance Verification Reports: Audit results aligned to NIST 800-63, FedRAMP, and FISMA standards. - Zero Trust Implementation Artifacts: Documentation and verification of ZTA enforcement within system components. - Performance Outcomes: - 100% of CMM applications integrated with SSO and MFA. - Zero unauthorized access incidents attributable to configuration error. - 100% compliance with NIST and FedRAMP ICAM control requirements. - Reduced account provisioning time by ≥30% through automation. Tools & Technologies - IAM & Federation: Key Cloak, Okta. - Access & Compliance: SailPoint, CyberArk, HashiCorp Vault. - Cloud: AWS IAM, KMS, CloudTrail, Lambda. - Protocols: SAML, OAuth2.0, OIDC, SCIM. - Monitoring & Audit: Splunk. - Collaboration: Jira, Confluence, SharePoint, MS Teams. Qualifications - Bachelor’s Degree in Cybersecurity, Information Systems, or related discipline required; Master's Degree preferred. - 10+ years of experience in identity and access management, including 8+ years in cloud-based federal environments required; 12+ years of experience in information systems preferred. - Hands-on experience with Key Cloak and AWS IAM Identity Center for SSO and MFA implementations. (IBM Verify a plus). - Strong knowledge of identity federation protocols (SAML, OAuth2.0, OIDC, SCIM) and modern authentication flows. - Expertise with RBAC/ABAC frameworks, policy-based access control, and least-privilege enforcement. - Familiarity with NIST 800-63, FISMA, FedRAMP, and ZTA standards and compliance frameworks. - Experience implementing ICAM solutions in Agile and DevSecOps environments. - Working knowledge of PKI, digital certificates, and encryption technologies. - Strong analytical and troubleshooting skills with ability to resolve identity integration issues. - Experience with AWS Container Security and Network Security (preferred, not required). - Expert in designing logging and monitoring system by correlating events from several AWS and ICAM system. - Experience supporting federal digital modernization or judiciary IT programs. - Familiarity with Zero Trust Architecture and micro segmentation principles. - Exposure to API gateway authentication (Kong, Apigee, AWS API Gateway). - Experience integrating identity governance tools (SailPoint, Saviynt). - Excellent presentation and communication skills. - Consultant mindset with the ability to work with high level customer stakeholders and build excellent customer relationship. - Experience identifying and applying industry tools, solutions, methods best practices, and emerging technologies. - Strong analytical skills and problem-solving skills with the ability to formulate and communicate recommendations for improvement. - Demonstrated ability to work effectively, independently, and as part of a team. Certification(s) - Certified Information Systems Security Professional (CISSP) - preferred. - AWS Certified Security – Specialty or Azure Identity & Access Administrator – preferred. - Certified Identity and Access Manager (CIAM) or Certified Identity Professional (CIP) – beneficial. - SAFe Practitioner (SPC/SSM) – a plus. Location - Remote. Salary Information The likely salary range for this position is $153,000 - $207,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Benefits - Medical plan options, some with Health Savings Accounts. - Dental plan options. - Vision plan. - 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. - Full flex work weeks where possible. - Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. - 15 days of paid leave per calendar year to be used for vacations, personal business, and illness. - 10 paid holidays per year. - GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. - Short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
IT Senior Manager - Information Security Office
Enterprise HoldingsEnterprise Mobility is North America’s largest rental car company, offering locations within 15 miles of 90% of the U.S. population. As an employer, Enterprise is proud to offer
Title: IT Senior Manager - Information Security Office Location: Saint Louis MO United States Category Technology - All Other Positions Job ID 2026-549327 Job Description: Overview Enterprise Mobility is a leading provider of mobility solutions, owning and operating the Enterprise Rent-A-Car, National Car Rental and Alamo Rent A Car brands through its integrated global network of independent regional subsidiaries. Enterprise Mobility and its affiliates offer extensive car rental, carsharing, truck rental, fleet management, retail car sales, as well as travel management and other transportation services, to make travel easier and more convenient for customers. Privately held by the Taylor family of St. Louis, Enterprise Mobility together with its affiliate Enterprise Fleet Management manages a diverse fleet of 2.4 million vehicles and accounted for nearly $39 billion in revenue through a network of more than 9,500 fully-staffed neighborhood and airport rental locations in more than 90 countries and territories. At the center of it all, our dedicated IT teams innovate, design and develop the technology that is redefining how customers rent, buy and share vehicles from our family of brands. Here, you will be part of a diverse and talented team that creates and delivers powerful technology solutions for our customers and employees across the world with the resources and support to develop in a variety of career paths. As an Enterprise Mobility team member, we offer an excellent package with market-competitive pay, comprehensive healthcare packages, 401k matching & profit sharing, schedule flexibility, work from home opportunities, paid time off, and organizational growth potential. This position offers the opportunity to work fully remote within the United States (except for Alaska and/or Hawaii). Team members who choose virtual / remote work should have an adequate space to serve as their home office, and must be able to work a schedule within U.S. Central Standard Time core business hours. This position will require employees to come on site to one of our St. Louis campus locations a few times per year for meetings/events or as needed. #LI-REMOTE Responsibilities The Information Security Office is seeking an experienced IT Senior Manager to lead our organization's internal Penetration Testing team, responsible for proactively identifying security vulnerabilities, emulating real-world threats, and strengthening the organization's cybersecurity posture. As an IT Senior Manager, you will have the opportunity to lead and grow high-performing technical professionals, oversee enterprise testing initiatives, communicate insights that inform strategic security decisions, and partner with technology and business teams to drive measurable security improvements. Candidates must have a strong cybersecurity background and understand offensive security methodologies. Success in this role is defined by the leader's ability to continuously develop the penetration testing team, drive ongoing improvement across offensive security processes, and deliver clear, actionable communication to internal and external stakeholders. The ideal candidate is detail‑oriented with strong communication, critical‑thinking, and collaboration skills; has a solid grasp of security frameworks and enterprise IT; and can interpret adversarial techniques, vulnerabilities, and threats. The successful candidate will be an influential leader who is comfortable guiding teams through change, supporting senior leadership with credible technical and security expertise, has a proven ability to achieve strategic goals, and can effectively articulate risk in ways that drive informed decisions. Additional Responsibilities: - Develop and maintain an ongoing comprehensive penetration testing strategy and roadmap aligned with departmental priorities, enterprise IT initiatives, business objectives, and the evolving threat landscape. - Define and track KPIs, identify optimization opportunities, and continuously improve team processes and methodologies. - Produce executive‑level reporting that clearly communicates trends, key risks, and overall program maturity. - Oversee penetration testing activities across EM, including project planning, execution oversight, reporting, and stakeholder communication to ensure high‑quality results and timely delivery. - Drive automation, process optimization, and tooling enhancements to continually strengthen the penetration testing program. - Stay current on security trends and provide expert guidance on emerging threats, attacker techniques, and mitigation strategies. - Lead and mentor a team of security engineers, providing technical guidance, career development, and performance management - Foster a culture of continuous learning, technical excellence, and responsible testing practices - Build strong relationships across our Global IT teams to ensure consistency, transparency, and best practices Knowledge, Skills, & Abilities: - Demonstrate exceptional communication and presentation skills, with the ability to translate technical findings into clear, actionable recommendations for diverse audiences. - Exhibit strong time‑management, organizational skills, and keen attention to detail in a fast‑paced environment. - Demonstrated ability to manage operations while driving and implementing strategic change simultaneously - Working knowledge of MITRE ATT&CK, NIST CSF, and other security frameworks - Strong understanding of network security, application security, cloud security, and authentication mechanisms. - Strong understanding of adversarial techniques, vulnerability exploitation, and modern attack vectors - Must have a demonstrated track record of successfully collaborating across the IT organization to achieve business objectives. - Superb relationship management skills, specifically related to leading change, with the ability to create a non-adversarial atmosphere and be viewed as a partner Equal Opportunity Employer/Disability/Veterans Qualifications Required: - Must be presently authorized to work in the U.S. without a requirement for work authorization sponsorship by our company for this position now or in the future - Must reside in the United States (does not include Alaska or Hawaii) - Must be committed to incorporating security into all decisions and daily job responsibilities - 8+ years of related experience (can include a combination of experience in Information Technology, Information Security, and/or leadership) - 4+ years of experience leading cybersecurity functions within large organizations, with responsibility for team performance, strategic direction, and stakeholder engagement - 3+ years of experience of offensive security or penetration testing Preferred: - Bachelor's degree in Computer Science, Computer Information Systems, Management Information Systems, or related field preferred - Experience with common penetration test tools (e.g., Burp Suite, Metasploit, Cobalt Strike, Kali Linux, BloodHound, etc.) is preferred - Experience building or maturing an internal penetration testing or red team program - Certified Information Systems Security Professional (CISSP) or other related security certifications preferred
• Lead, coach, and develop the Infrastructure Security team, ensuring clear ownership, accountability, and strong execution • Define and drive the Infrastructure Security strategy, roadmap, standards, and operating model. • Prioritize team initiatives based on security risk, business impact, engineering capacity, and regulatory requirements • Guide security across infrastructure environments, including cloud platforms, Kubernetes, endpoints, privileged access management, remote access, and vulnerability management • Build scalable processes for risk prioritization, remediation tracking, and cross-functional collaboration • Partner with Engineering, Product, Infrastructure, and Security teams to integrate security early and improve execution • Communicate infrastructure security risks, priorities, trade-offs, and progress clearly to technical teams and leadership
Field CISO
HeroDevsAt HeroDevs, we believe in the power of diversity, equity, and inclusion to drive innovation, creativity, and success. We are committed to creating a workplace that embraces and celebrates individual differences. We encourage people of all backgrounds and experiences to apply.
Role Description We are hiring a Field CISO to be the public voice of HeroDevs in the AppSec and security-leadership community. - Lead the category conversation externally - Speak at major events such as RSA, Black Hat, BSides, OWASP Global, and regional CISO summits. - Publish original thought leadership: essays, research-backed reports, points of view. - Convene a CISO and AppSec advisory council and host an in-person dinner program in top metros. - Sell from the front by partnering with AEs and CRO on strategic accounts. - Translate value for prospects connecting EOL OSS exposure to metrics their boards track. - Pressure-test our positioning and product with insights from the buyer's perspective. - Coach the field by training AEs, SEs, and CSMs on engaging with security leaders. Qualifications - An AppSec or security leader with experience in application security, product security, or a significant portion of a security program. - Active voice in the community with an audience of practitioners. - Operator credibility from having done the work. - Commercially fluent, able to hold executive conversations. - Builder’s temperament, energized by ambiguity and willing to define a category. Requirements - Recent experience in a respected company, likely as CISO, Deputy CISO, VP or Head of AppSec, or VP or Head of Product Security. - Comfortable being the named, attributable face of a point of view. - Authority comes from practical experience. - Ability to partner cleanly with a sales team. Benefits - Executive-level base plus meaningful equity. - No quota; measures include category leadership, influenced pipeline, and internal leverage. Logistics - Reports to: CEO - Location: Remote, US-based with 30 to 40 percent travel for events, customer meetings, and team offsites. How to apply Send a short note. Skip the cover letter. Tell us why this problem is worth your attention right now. Include a link or two to something you have published or a talk you have given that you are proud of. We read everything. We move fast on the right people. At HeroDevs, we believe in the power of diversity, equity, and inclusion to drive innovation, creativity, and success. We are committed to creating a workplace that embraces and celebrates individual differences. We encourage people of all backgrounds and experiences to apply.
Security Account Executive – Perimeter Guard Sales
Interface SystemsManaged Business Security, Business Intelligence, and Purpose-Built Managed Network and Voice Solutions
• Drive new business development by prospecting and selling Virtual Perimeter Guard to commercial businesses. • Execute a high-volume, high-activity sales process including outbound calls, field visits, and product demonstrations. • Build rapport and win new customer opportunities quickly. • Deliver persuasive presentations and articulate clear business cases for adopting Interface’s Virtual Perimeter Guard solution. • Collaborate with Marketing, Product, and Revenue Operations teams to align sales efforts with product launches and campaigns. • Track and analyze key metrics including pipeline health, activity levels, win/loss rates, and quota attainment. • Consistently achieve or exceed monthly, quarterly, and annual sales targets.
