AWS Cloud Infrastructure Engineer (Keycloak Specialty)

Responsibilities

• Design and maintain the identity architecture utilizing Keycloak
• Implement federated identity and single sign-on (SSO) solutions using modern protocols (SAML, OAuth2.0, OIDC)
• Collaborate with Cloud and Security Architects to enforce Zero Trust Architecture (ZTA) across microservices and APIs
• Configure and maintain directory services and identity providers (e.g., AWS Cognito, AWS IAM Identity Center, Azure AD, IBM Verify , KeyCloak)
• Deep experience integrating KeyCloak as a broker IdP federating upstream enterprise IdPs while issuing downstream OIDC token to application
• Design identity solutions and support compliance assessments , ensuring adherence to FISMA, NIST 800-63, and FedRAMP security controls
• Develop and document identity lifecycle management processes -provisioning, deprovisioning, and access reviews
• Design and implement least privileged roles, groups, functionalities based on ZTA for both privileged and non-privileged users for a FedRAMP High system
• Experience defining workflow, rules, policies within ICAM tools particularly IBM Verify and KeyCloak
• Conduct access audits, user entitlement reviews, and anomaly detection to ensure least-privilege compliance
• Provide subject matter expertise in identity federation, PKI, certificate management , and secure API authorization
• Design strategies for logging, monitoring and auditing authentication and authorization related events in combination with other AWS event logs
• Design and implement storage level, microservice level Authentication and Authorization
• Support ATO process by providing solutions to all security controls, document implementation plan, maintain Visio diagrams
• Participate in design sessions and work closely with the security lead
• Collaborate with DevSecOps teams to embed ICAM policies within CI/CD pipelines and Infrastructure-as-Code (IaC) templates
• Direct and lead Pen testing, Review architecture diagrams produced by different teams
• Independently lead design and implement of vulnerability management
• Lead and direct engineering team
• Deliverable Alignment & Performance Outcomes:
• Architecture Diagrams: Depicting identity flow, federation, and integration points with AWS and CMM systems
• Access Control Documentation: Policies, RBAC models, and credential management workflows
• Compliance Verification Reports: Audit results aligned to NIST 800-63, FedRAMP, and FISMA standards
• Zero Trust Implementation Artifacts: Documentation and verification of ZTA enforcement within system components
• Performance Outcomes: 100% of CMM applications integrated with SSO and MFA.
• Zero unauthorized access incidents attributable to configuration error
• 100% compliance with NIST and FedRAMP ICAM control requirements
• Reduced account provisioning time by ≥30% through automation
• Tools & Technologies:
• IAM & Federation: KeyCloak , Okta
• Access & Compliance: SailPoint, CyberArk, HashiCorp Vault
• Cloud: AWS IAM, KMS, CloudTrail, Lambda
• Protocols: SAML, OAuth2.0, OIDC, SCIM
• Monitoring & Audit: Splunk
• Collaboration: Jira, Confluence, SharePoint, MS Teams
• Required Skills & Experience:
• Education: Bachelor's Degree in Cybersecurity, Information Systems, or equivalent experience required; Master's Degree preferred
• Experience: 10+ years of experience in identity and access management, including 8+ years in cloud-based environments required ; 12+ years of experience in information systems preferred
• Hands-on experience with KeyCloak and AWS IAM Identity Center for SSO and MFA implementations. (IBM Verify a plus)
• Strong knowledge of identity federation protocols (SAML, OAuth2.0, OIDC, SCIM) and modern authentication flows
• Expertise with RBAC/ABAC frameworks, policy-based access control, and least-privilege enforcement
• Familiarity with NIST 800-63, FISMA, FedRAMP, and ZTA standards and compliance frameworks
• Experience implementing ICAM solutions in Agile and DevSecOps environments
• Working knowledge of

Requirements

• Authentication, Cloud Computing, Identity Access Management (IAM) Certifications:
• None Experience:
• 10 + years of related experience US Citizenship Required:
• No
• Job Description:

Benefits

Additional Information

Type of Requisition: Regular Clearance Level Must Currently Possess: None Clearance Level Must Be Able to Obtain: None Public Trust/Other Required: BI Full 6C (T4) Job Family: Software Engineering Job Qualifications:

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at General Dynamics IT? Share your experience