AD/ICAM Systems Administrator III

Role Summary

We are seeking an experienced AD/ICAM Systems Administrator III to support identity and access management operations . This role is fully on-site in Washington, DC (5 days/week) and focuses on administering, integrating, and securing enterprise identity platforms including Active Directory, Azure AD, and Okta. The position works independently on day-to-day objectives and owns technical processes within the IAM domain, with a direct impact on operational outcomes.

Key Responsibilities

• Administer and manage on-premises Active Directory environments, ensuring security, high availability, and proper configuration.
• Oversee Group Policy Objects (GPOs), Trusts, DNS, AD Sites and Services, and AD replication.
• Perform user provisioning and de-provisioning, applying Active Directory security best practices (least privilege, permissions, password policies).
• Implement and manage Active Directory Federation Services (ADFS) for authentication and federation with cloud and external resources.
• Manage Azure Active Directory (Azure AD) for cloud-based identity management.
• Integrate on-premises AD with Azure AD using Azure AD Connect, including synchronization, troubleshooting, and identity lifecycle management.
• Administer Azure AD Conditional Access policies to ensure secure and compliant access.
• Implement and configure Azure AD B2C for external-facing application authentication.
• Oversee administration and integration of Okta for identity management, including SSO, MFA, Universal Directory, Lifecycle Management, and API Access Management.
• Ensure seamless integration of Okta with internal and third-party applications (e.g., Office 365, Salesforce, Google Workspace).
• Monitor health, performance, and security of AD, Azure AD, and Okta environments and proactively resolve issues.
• Develop and maintain PowerShell scripts to automate IAM-related tasks.
• Create and maintain technical documentation for identity systems and processes.
• Collaborate with security, network, and application teams to resolve IAM challenges.
• Communicate technical issues and solutions clearly to both technical and non-technical stakeholders.

Required Technical Skills

• Hands-on administration of Active Directory, including GPOs, ADFS, trusts, DNS, and AD sites/replication.
• Strong experience with Azure Active Directory, including:
• Azure AD Connect
• Conditional Access
• Azure AD B2C
• Expertise with Okta, including:
• Single Sign-On (SSO)
• Multi-Factor Authentication (MFA)
• Universal Directory
• Lifecycle Management
• API Access Management
• Proficiency in PowerShell for automation and system management.
• Working knowledge of IAM protocols: SAML, OAuth, OpenID Connect, LDAP.
• Strong understanding of identity security best practices, including MFA and RBAC.
• Ability to troubleshoot complex authentication, access, and security issues.

Preferred / Nice-to-Have Skills

• IAM or security certifications, such as:
• Microsoft Certified: Azure Solutions Architect
• Okta Certified Administrator
• Experience with Identity Governance tools such as SailPoint or Saviynt.
• Familiarity with cloud platforms and IAM services in AWS or Google Cloud.
• Exposure to DevOps practices and integrating IAM into CI/CD pipelines.

Qualifications & Experience

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related field (or equivalent work experience).
• 5 years of hands-on experience in Identity and Access Management (IAM).
• Strong verbal and written communication skills.
• Ability to work independently and collaborate across technical teams.
• U.S. Citizenship/GC required.
• Willingness to complete personal disclosure and soft credit check.
• Willing to work on-site in Washington, DC, five days per week.