Job ID: CO-97146 (913591014)
CO Local/Remote IAM Architect with FIM, Cloud/SaaS, SSO, SAML, OAuth, OIDC, SSO-as-a-service, 508-compliant, NoSQL, and directory migration experience
Location: 601 East 18th Avenue Suite 250 Denver, CO
Duration: 9 months
Qualifications, Skills & Leadership
Minimum of 8 years of experience in IAM/FIM, including designing and providing solutions based on customer and governance requirements
Minimum of 5 years of experience with configuration and implementation of SaaS/Cloud or custom IAM solutions, including:
Requirements development
User account provisioning automation and self-service
Request-based application and resource provisioning
RBAC authorization implemented at the application layer
Federated Single Sign-on – SAML, OAuth, OIDC
Minimum of 3 years of technical experience in the following IAM Functional Skills
SSO-as-a-service road mapping and implementation
Very large directory migrations
Multi-factor authentication implementation
Section 508-compliant secure authentication
Understand and articulate the risks/tradeoffs of SSO from a security perspective
Understand and provide mitigation strategies for SSO attack vectors
Understand and provide fallback strategies for SSO reliability and fault tolerance
Prior experience in deployment and implementation of custom applications using OIDC for authentication
Relational database experience including:
Schema development
Complex queries on denormalized schemas
Developing stored procedures, triggers
Query optimizations – indexes, temp tables, etc.
Experience with NoSQL and key/value stores
Information risk, privacy, and strategy (i.e. security and privacy policies, or risk assessments, or security and privacy compliance);
Application security testing and security integrations within the Software Development Lifecycle (SDLC)
Professional and hands on experience in leading and building globally distributed, remote, Mainframe, Distributed and Cloud technology teams and tech stacks with high availability and reliability
Strong technology affinity and experience, as well as attention to detail and the ability to design, execute against strategic goals
Bachelor’s degree or equivalent experience
Nice to have – experience with PING and login.gov
Leadership
Ability to define and communicate strategy and vision and influence across state agencies and then execute at scale in a dynamic environment is essential
Ability to build strong, trusted and candid relationships and promote collaboration at the leadership level is essential
Ability to effectively inspire and influence teams and partners in delivering technology enabled solutions that meet agency operational needs
Ability to coach, mentor, and provide direct, timely performance feedback; experience setting direction, tracking progress, and ensuring accountability
Ability to thrive in a flexible and fast-paced environment across
Strong interpersonal, analytical, problem solving and organizational skills
Responsible for the overall system design. Documents development requirements for database, applications, and operation system environment. Consults with end users to test and debug applications to meet client needs. Serves as expertise in all aspects of designing and application development. May conduct training to IT Staff. Requires a bachelor’s degree and may be expected to have an advanced degree in area of specialty and 8 or more years of experience in the field or in a related area. Demonstrates expertise in a variety of the field’s concepts, practices, and procedures. Relies on extensive experience and judgment to plan and accomplish goals. Performs a variety of complicated tasks. May provide consultation on complex projects and is considered to be the top level contributor or specialist.
Scope of Work
The State of Colorado is seeking an innovative and passionate Technical Architect/Technical Owner to decommission a mainframe identity system as well as solution and implement a new Constituent State Identification System.
The Technical Architect is responsible for the overall design of the new State Identification System that supports multiple stakeholders for the Child Welfare, Early Childhood Services (including Universal Preschool, Child Care, and Provider Services), Child Support, Colorado Benefits Management System, Public Health engagement for vaccines and and disease control management, and Program Eligibility & Application Kit. The current identification system creates new identifiers and tracks the unique State ID’s and demographic information for clients applying and receiving benefits, or other state health services.