Job Description:
The AWS Cloud Security and ICAM Specialist supports the Case Management Modernization (CMM) Program for the Administrative Office of the U.S. Courts (AO) by designing, implementing, and managing secure authentication and authorization frameworks across modernized cloud-based applications. This role ensures compliance with federal identity governance, FedRAMP, and Zero Trust Architecture (ZTA) principles within an AWS environment. The ICAM Specialist collaborates with architecture, security, and DevSecOps teams to ensure access control, identity federation, and credential management are integrated seamlessly across all layers of the CMM application ecosystem.
Key Responsibilities:
- Design and maintain the ICAM architecture for identity, access, and authentication management across AWS-hosted CMM applications and other legacy ICAM
- Implement federated identity and single sign-on (SSO) solutions using modern protocols (SAML, OAuth 2.0, OIDC)
- Collaborate with Cloud and Security Architects to enforce Zero Trust Architecture (ZTA) across microservices and APIs
- Configure and maintain directory services and identity providers (e.g., AWS Cognito, AWS IAM Identity Center, Azure AD, IBM Verify, Keycloak)
- Deep experience integrating Keycloak as a broker IdP federating upstream enterprise IdPs while issuing downstream OIDC tokens to applications
- Design ICAM brokerage solutions and support compliance assessments, ensuring adherence to FISMA, NIST 800-63, and FedRAMP security controls
- Develop and document identity lifecycle management processes: provisioning, deprovisioning, and access reviews
- Design and implement least-privilege roles, groups, and functionalities based on ZTA for both privileged and non-privileged users for a FedRAMP High system
- Experience defining workflows, rules, and policies within ICAM tools, particularly IBM Verify and Keycloak
- Conduct access audits, user entitlement reviews, and anomaly detection to ensure least-privilege compliance
- Provide subject matter expertise in identity federation, PKI, certificate management, and secure API authorization
- Design strategies for logging, monitoring, and auditing authentication- and authorization-related events in combination with other AWS event logs
- Design and implement storage-level and microservice-level authentication and authorization
- Support ATO process by providing solutions to all security controls, document implementation plan, maintain Visio diagr