CGI Technologies and Solutions, Inc. IAM (Identity Access Management) Engineer in Washington, District Of Columbia
IAM (Identity Access Management) Engineer
- Log in
Find similar career opportunities
IAM (Identity Access Management) Engineer
City: Washington, District of Columbia, United States
Position ID: J0820-0647
Employment Type: Full Time
CGI Federal is seeking an experienced developer to join the Team for developing quality software product using Attribute Based Access Control (ABAC) as the security framework for data access. Unlike the traditional Role Based Access Control (RBAC), ABAC defines a data access control paradigm whereby access rights are granted to users through the use of policies that combine attributes together. The policies can use any type of attributes (user attributes, resource attributes, object, environment attributes etc.). As the ABAC Engineer, you will work closely with the Solutions Architect and other developers to research available ABAC products to determine the best choice for the project. You will analyze the project requirements and gap analysis to determine and recommend build vs buy option ensuring alignment with the product architecture and overall design guidelines. You will develop a detailed knowledge of the underlying mechanism of ABAC policy framework related to data and data products and become the subject matter expert. The ideal candidate should have solid understanding of the federal data market, customer adoption of digital data, deep expertise with data access technologies and a desire to drive change through data alignment across the enterprise and promote sharing, reuse, ROI to reduce overall cost and improve information flow. The role requires the candidate to be a hands-on full stack developer with experience in all phases of the SDLC.
Your future duties and responsibilities:
As a key member of CGI Federal’s Team, you shall be responsible for the following:
• Develops overall ABAC architecture and design decisions for variety of data sources, data formats, data storage that span across multiple security domains
• Working with other team members and the Technical Lead to convey solution strategy as it pertains to information and ABAC solution (build vs buy, tools, policy management) by conducting collaborative workshops, consulting, reporting, and creating pertinent deliverables.
• Performs a key management and thought leadership role in the areas of advanced data security techniques, including metadata, data access, data integration, data discovery, solution design and implementation.
• Develops and helps institute best practices, methodologies and standards about Data Governance, Policy Management, Data Catalog, and Data Security.
• Works with Solution Architects, domain experts, and other project team members to develop consensual software design to ensure the proposed solution meets both client and end user needs.
• Steward of Enterprise Policy Management including data quality and data security technologies.
• Defines and achieves the overall data access policies for the enterprise; including data modeling, implementation and data management for our enterprise data warehouse and advanced data analytics systems.
Required qualifications to be successful in this role:
• Good understanding of application Authentication and Authorization framework
• In depth knowledge of RBAC (Role Based Access Control) implementation using custom code or Enterprise Identity Access Management (IAM) products
• Hands-on experience implementing ABAC policy frameworks
• Intimate familiarity with existing ABAC frameworks such as Axiomatics, NextLabs, Casbin, etc.
• Hands-on experience with metadata management activities
• Excellent coding skills in any of these programming languages: NodeJS, Java, React, Go
• Hands on experience with data profiling tools and processes
• Well versed in the following data domains: Master Data, Operational Data, Analytical Data, Unstructured Data, and Metadata.
• Familiarity with Data Catalog and/or Data Virtualization tools such Alation, CKAN, Collibra, Immuta, Denodo, etc.
• Familiarity with Single-Sign-On and different type of Authentication mechanisms SAML 2, oAuth, OpenID 2, AD, PKI, SSL Certificate, etc.
• Familiarity with government security standards such as NIST, FIPS-2, HSPD-12 and OMB
• Working knowledge of all phases of the Software Development Life Cycle (SDLC).
• 5+ years of hands-on development experience
• Understanding of cross-domain data access needs in federal and government industry
What you can expect from us:
Build your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com .
No unsolicited agency referrals please.
CGI is an equal opportunity employer.
Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status, political affiliation, genetic information, or any other legally protected status or characteristics.
CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at USEmploymentCompliance@cgi.com . You will need to reference the requisition number of the position in which you are interested. Your message will be routed to the appropriate recruiter who will assist you. Please note, this email address is only to be used for those individuals who need an accommodation to apply for a job. Emails for any other reason or those that do not include a requisition number will not be returned .
We make it easy to translate military experience and skills! Click here at https://cgi-veterans.jobs/ to be directed to our site that is dedicated to veterans and transitioning service members.
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held.
CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI’s legal duty to furnish information.