SME Systems Engineer (ICAM)

GovCIO is currently hiring a highly experienced SME Systems Engineer to support critical Identity, Credential, and Access Management (ICAM) modernization activities for the U.S. Coast Guard (USCG). This technical role focuses on designing, engineering, and executing secure, identity-centric access control frameworks across legacy and modern enterprise architectures. This position will be located in Alexandria, VA, and will be a hybrid position.

The SME Systems Engineer /  ICAM Engineer will serve as a primary technical authority for the enterprise identity management and access control framework. Core responsibilities include:

• Lead the comprehensive engineering, technical planning, and execution of modernizing legacy access controls into robust ICAM solutions.
• Analyze and address all federation, authentication, authorization, and single sign-on (SSO) implications across enterprise networks.
• Configure, optimize, and manage enterprise-grade identity directories, authentication protocols, and Public Key Infrastructure (PKI) systems.
• Architect and implement secure identity lifecycle workflows, privilege management controls, and automated user provisioning frameworks.
• Design and deploy strict Zero Trust identity principles across all primary network hubs to eliminate unauthorized access paths.
• Develop custom technical interfaces and integration patterns required for identity compliance tracking across data tools.
• Conduct technical root cause analysis, privilege audits, and system performance tuning on active identity management nodes.
• Proactively identify security risks during identity platform migrations and design targeted engineering workarounds.
• Develop and maintain comprehensive technical documentation, architecture definitions, and detailed ICAM data flows.

High School with 10+ years (or commensurate experience)

Required Skills & Experience

• Certifications: DoD 8570 IAT Level II or higher (e.g., Security+ CE, CySA+, or vendor-specific identity certifications).
• Deep technical understanding of federated identity concepts, including SAML, OAuth, OIDC, and Active Directory / LDAP architecture.
• Hands-on engineering experience managing Smart Card / Common Access Card (CAC) authentication and PKI certificate validation.
• Proven experience designing and applying federal Zero Trust identity guidelines (NIST SP 800-207) within enterprise networks.

Clearance Level: Must have an active Secret clearance  

Preferred Skills & Experience

• Prior experience supporting U.S. Coast Guard (USCG) or Department of Homeland Security (DHS) identity management programs.
• Familiarity with integrating data governance frameworks with ICAM solutions to enforce data-level access controls.
• Direct experience with enterprise identity tools such as SailPoint, Okta, Microsoft Entra ID, or Ping Identity.
• Advanced knowledge of RESTful API authorization protocols, secure gateways, and data schema security standards.