IGA Engineer; SailPoint), Zero Trust Program; USSOCOM TS​/SCI

IGA Engineer (SailPoint), Zero Trust Program (USSOCOM TS/SCI)

Join Kentro as a highly skilled Identity Governance and Administration (IGA) Engineer on the Zero‑Trust execution team at U.S. Special Operations Command (USSOCOM). In this role you will build and maintain the “source of truth” that governs access to the Command’s most critical data.

Location: Onsite in Tampa, FL

• Lead the design, deployment, and ongoing management of SailPoint Identity Now (or IIQ) to automate the full identity lifecycle (Joiner, Mover, Leaver) across hybrid and on‑premises environments.
• Define and manage the schema for “Trust Attributes” (e.g., Clearance, COI, Project Codes) within SailPoint, ensuring alignment with the NIST 8112 metadata standard for consumption by policy decision points.
• Manage the offline instance of SailPoint on the Top‑Secret network, developing workflows to import “Attribute Manifests” and synchronise identity data with the low‑side source of truth.
• Configure and execute automated access certification campaigns for critical data repositories and privileged roles, ensuring compliance with DoD audit requirements.
• Work with mission owners to define Technical Roles and Business Roles within SailPoint, replacing broad, static Active Directory groups with granular, policy‑driven access roles.

• Master’s degree (MA/MS) in Computer Science, Information Security / Cybersecurity, Information Systems, Data Science, or a closely related technical field.
• 10+ years of relevant experience.
• Extensive (5+ years) hands‑on experience designing, implementing, and administering SailPoint (Identity Now or Identity
  
  IQ) in a large enterprise environment.
• Deep understanding of the Joiner‑Mover‑Leaver (JML) process and experience automating provisioning/deprovisioning workflows connected to HR systems and Active Directory.
• Strong knowledge of Active Directory, LDAP, and Azure Active Directory (Entra ) structures and management.
• Proven experience with Role‑Based Access Control (RBAC) modelling, Separation of Duties (SoD) policy creation, and access certification campaigns.

• Experience implementing Attribute‑Based Access Control (ABAC) strategies.
• Familiarity with DoD Identity, Credential, and Access Management (ICAM) reference designs.
• Knowledge of integration protocols such as REST, SCIM, and SOAP.
• Experience supporting USSOCOM or other DoD agencies.

• Required: CompTIA Security+ CE (or higher) to meet DoD 8570 IAT Level II requirements.
• Preferred: SailPoint Certified Identity Now Engineer or SailPoint Certified Identity
  
  IQ Engineer.
• Preferred: Certified Identity and Access Manager (CIAM) or CISA.

• Active Top‑Secret clearance with SCI eligibility.

We believe in generating success collaboratively, enabling long‑term mission success, and building trust for the next challenge. As a valued member of our team, you have the unique opportunity to work in a diverse range of technology and business career paths, all while supporting our nation and delivering innovative technology solutions.

• Competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401(k) with employer match.
• Education reimbursement for certifications, degrees, or professional development.
• Discount perks, rewards, and more.
• Events and activities, including happy hours, holiday events, fitness & wellness events, and annual celebrations.
• Charity galas/events to support community involvement.

Kentro is an equal‑opportunity employer. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local law.

To apply, click the “Apply for this Job” button at the bottom of this description or the button at the top titled “Application.” Upload your resume and complete all application steps. If you need alternative application methods, email careers.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential functions. If you need to discuss reasonable accommodations, please email careers.