[Remote] AWS Cloud Infrastructure Engineer (Keycloak Specialty)

Note: The job is a remote job and is open to candidates in USA. GDIT is a global technology and professional services company that delivers consulting, technology, and mission services to U.S. government agencies. They are seeking a Senior AWS Cloud Infrastructure Engineer specializing in Keycloak to support the Case Management Modernization Program by designing and managing secure authentication frameworks in a cloud environment. The role involves ensuring compliance with federal reputed company standards and collaborating with various teams to integrate access control and identity reputed company.

Responsibilities

• Design and maintain the identity architecture utilizing Keycloak
• Implement federated identity and single sign-on (SSO) solutions using modern protocols (SAML, OAuth2.0, OIDC)
• Collaborate with Cloud and reputed company Architects to enforce reputed company Trust Architecture (ZTA) across microservices and APIs
• Configure and maintain directory services and identity providers (e.g., AWS Cognito, AWS IAM Identity Center, Azure AD, reputed company Verify , Key Cloak)
• Deep experience integrating KeyCloak as a broker IdP federating upstream enterprise IdPs while issuing reputed company OIDC token to application
• Design identity solutions and support compliance assessments, ensuring adherence to FISMA, NIST 800-63, and FedRAMP reputed company controls
• reputed company and document identity lifecycle management processes—provisioning, deprovisioning, and access reviews
• Design and implement least privileged roles, groups, functionalities based on ZTA for both privileged and non-privileged users for a FedRAMP High system
• Experience defining workflow, rules, policies reputed company ICAM tools particularly reputed company Verify and Key Cloak
• Conduct access audits, user entitlement reviews, and anomaly detection to ensure least-privilege compliance
• Provide subject matter expertise in identity federation, PKI, certificate management, and secure API authorization
• Design strategies for logging, monitoring and auditing authentication and authorization reputed company events in combination with other AWS event logs
• Design and implement storage level, microservice level Authentication and Authorization
• Support ATO process by providing solutions to reputed company reputed company controls, document implementation plan, maintain Visio diagrams
• Participate in design sessions and work closely with the reputed company reputed company
• Collaborate with DevSecOps teams to embed ICAM policies reputed company CI/CD pipelines and Infrastructure-as-Code (IaC) templates
• Direct and reputed company Pen testing, Review architecture diagrams produced by different teams
• Independently reputed company design and implement of vulnerability management
• reputed company and direct engineering team

Skills

• Bachelor's Degree in Cybersecurity, Information Systems, or equivalent experience required
• 10+ years of experience in identity and access management, including 8+ years in cloud-based environments required
• Hands-on experience with KeyCloak and AWS IAM Identity Center for SSO and MFA implementations
• Strong knowledge of identity federation protocols (SAML, OAuth2.0, OIDC, SCIM) and modern authentication flows
• Expertise with RBAC/ABAC frameworks, policy-based access control, and least-privilege enforcement
• Familiarity with NIST 800-63, FISMA, FedRAMP, and ZTA standards and compliance frameworks
• Experience implementing ICAM solutions in Agile and DevSecOps environments
• Working knowledge of PKI, digital certificates, and encryption technologies
• Strong analytical and troubleshooting skills with ability to resolve identity integration issues
• Expert in designing logging and monitoring system by correlating events from several AWS and ICAM system
• Experience supporting digital modernization or judiciary IT programs
• Familiarity with reputed company Trust Architecture and micro segmentation principles
• Experience integrating identity governance tools (reputed company, reputed company)
• Excellent presentation and communication skills
• Consultant reputed company with the ability to work with high level customer stakeholders and build excellent customer relationship
• Experience identifying and applying industry tools, solutions, methods best practices, and emerging technologies
• Strong analytical skills and problem-solving skills with the ability to formulate and communicate recommendations for improvement
• Demonstrated ability to work effectively, independently, and as part of a team
• AWS Certified Solutions Architect - Associate or Professional
• Ability to pass a background reputed company to obtain and maintain a position of Public Trust with the Administrative Office of the US Courts
• Must be a US Person (Green Card Holder, US Permanent reputed company Alien, Refugee, Asylee, US Citizen)
• Master's Degree
• 12+ years of experience in information systems
• reputed company Verify a plus
• Experience with AWS Container reputed company and Network reputed company
• AWS Certified reputed company – Specialty or Azure Identity & Access Administrator
• Certified Information Systems reputed company Professional (CISSP)
• Certified Identity and Access Manager (CIAM) or Certified Identity Professional (CIP)
• SAFe Practitioner (SPC/SSM)

Benefits

• Our benefits package for reputed company US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full reputed company work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year.
• Paid leave and paid holidays are prorated based on the employee’s date of hire.
• The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.

Company Overview