[Remote] AWS Cloud Infrastructure Engineer (Keycloak Specialty)

Note: The job is a remote job and is open to candidates in USA. GDIT is a global technology and professional services company that delivers consulting and technology services to major U.S. government agencies. They are seeking a Senior AWS Cloud Infrastructure Engineer specializing in Keycloak to support the Case Management Modernization Program by designing and managing secure authentication frameworks in a cloud environment while ensuring compliance with federal standards.

Responsibilities

• Design and maintain the identity architecture utilizing Keycloak
• Implement federated identity and single sign-on (SSO) solutions using modern protocols (SAML, OAuth2.0, OIDC)
• Collaborate with Cloud and Security Architects to enforce Zero Trust Architecture (ZTA) across microservices and APIs
• Configure and maintain directory services and identity providers (e.g., AWS Cognito, AWS IAM Identity Center, Azure AD, IBM Verify , KeyCloak)
• Deep experience integrating KeyCloak as a broker IdP federating upstream enterprise IdPs while issuing downstream OIDC token to application
• Design identity solutions and support compliance assessments, ensuring adherence to FISMA, NIST 800-63, and FedRAMP security controls
• Develop and document identity lifecycle management processes—provisioning, deprovisioning, and access reviews
• Design and implement least privileged roles, groups, functionalities based on ZTA for both privileged and non-privileged users for a FedRAMP High system
• Experience defining workflow, rules, policies within ICAM tools particularly IBM Verify and KeyCloak
• Conduct access audits, user entitlement reviews, and anomaly detection to ensure least-privilege compliance
• Provide subject matter expertise in identity federation, PKI, certificate management, and secure API authorization
• Design strategies for logging, monitoring and auditing authentication and authorization related events in combination with other AWS event logs
• Design and implement storage level, microservice level Authentication and Authorization
• Support ATO process by providing solutions to all security controls, document implementation plan, maintain Visio diagrams
• Participate in design sessions and work closely with the security lead
• Collaborate with DevSecOps teams to embed ICAM policies within CI/CD pipelines and Infrastructure-as-Code (IaC) templates
• Direct and lead Pen testing, Review architecture diagrams produced by different teams
• Independently lead design and implement of vulnerability management
• Lead and direct engineering team

Skills

• Bachelor's Degree in Cybersecurity, Information Systems, or equivalent experience required
• 10+ years of experience in identity and access management, including 8+ years in cloud-based environments required
• Hands-on experience with KeyCloak and AWS IAM Identity Center for SSO and MFA implementations
• Strong knowledge of identity federation protocols (SAML, OAuth2.0, OIDC, SCIM) and modern authentication flows
• Expertise with RBAC/ABAC frameworks, policy-based access control, and least-privilege enforcement
• Familiarity with NIST 800-63, FISMA, FedRAMP, and ZTA standards and compliance frameworks
• Experience implementing ICAM solutions in Agile and DevSecOps environments
• Working knowledge of PKI, digital certificates, and encryption technologies
• Strong analytical and troubleshooting skills with ability to resolve identity integration issues
• Expert in designing logging and monitoring system by correlating events from several AWS and ICAM system
• Experience supporting digital modernization or judiciary IT programs
• Familiarity with Zero Trust Architecture and micro segmentation principles
• Experience identifying and applying industry tools, solutions, methods best practices, and emerging technologies
• Strong analytical skills and problem-solving skills with the ability to formulate and communicate recommendations for improvement
• Demonstrated ability to work effectively, independently, and as part of a team
• AWS Certified Solutions Architect - Professional | Amazon Web Services (AWS) - Amazon Web Services (AWS)
• Master's Degree
• 12+ years of experience in information systems
• IBM Verify a plus
• Experience with AWS Container Security and Network Security
• AWS Certified Solutions Architect - Associate or Professional
• Certified Information Systems Security Professional (CISSP)
• AWS Certified Security – Specialty or Azure Identity & Access Administrator
• Certified Identity and Access Manager (CIAM) or Certified Identity Professional (CIP)
• SAFe Practitioner (SPC/SSM)

Benefits

• A variety of medical plan options, some with Health Savings Accounts
• Dental plan options
• A vision plan
• A 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match
• Full flex work weeks where possible
• A variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
• 15 days of paid leave per calendar year to be used for vacations, personal business, and illness
• An additional 10 paid holidays per year
• Paid leave and paid holidays are prorated based on the employee’s date of hire
• The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance

Company Overview