Senior IAM Engineer Identity Broker Architect

T and T Consulting Services Inc
Silver, MD Full Time
POSTED ON 12/10/2025 CLOSED ON 2/17/2026

What are the responsibilities and job description for the Senior IAM Engineer Identity Broker Architect position at T and T Consulting Services Inc?

Project Overview:

We are seeking a Senior Identity & Access Management (IAM) Engineer / Identity Broker Architect to lead the design and implementation of the Logbook Identity Management Broker for OpenID (LIMBO) for NOAA. LIMBO will serve as a mission-critical identity broker enabling secure authentication for NOAA employees (via ICAM) and public users (via Login.gov), while preserving authorization and permit data stored in multiple legacy systems.

This role is ideal for an engineer who has deep hands-on experience with both OIDC and SAML 2.0, has built authentication platforms at scale, and can successfully operate in a federal environment with CAC/PIV, MFA, and NIST-aligned requirements.

You will drive architecture, system build, integrations, security compliance, automated testing, and support for multiple mobile applications used across the U.S. fishing industry.

Key Responsibilities

Identity Broker Development

  • Design and build the LIMBO identity broker that supports:
    • OIDC Authorization Code Flow with PKCE (S256)
    • JWT access tokens signed with RS256
    • Standard OIDC endpoints: /authorize, /token, /userinfo, /jwks, /.well-known/openid-configuration
  • Implement SAML 2.0 Service Provider capabilities including:
    • Signed assertions and responses
    • HTTP Redirect & POST bindings
    • Metadata import/export
    • Configurable SAML attribute → OIDC claim mapping

Federal Identity Provider Integrations

  • Integrate with NOAA ICAM to enable CAC/PIV authentication for NOAA staff.
  • Integrate with NOAA’s Login.gov federation broker for public user authentication.

Legacy System Integrations

  • Build secure APIs and UI flows to link Login.gov identities with existing legacy systems:
    • PIMS (Appian) via validation-code workflow
    • GARFO Certify (REST API)
  • Store and maintain user-to-permit associations in a relational data model.
  • Implement permit-access revocation workflows for ownership changes.

Architecture, Testing & Deployment

  • Design relational database schema to preserve identity & authorization data.
  • Implement automated unit, integration, and load tests for all login flows.
  • Deliver containerized application builds that meet NMFS OCIO standards.
  • Provide documentation, technical training, and post-deployment support.
  • Collaborate closely with ECL development teams and NOAA operations staff.

Required Qualifications

Identity & Authentication

  • 5–8 years backend engineering experience, including 3 years in IAM.
  • Expert-level knowledge of:
    • OpenID Connect (OIDC)
    • OAuth 2.0 / 2.1
    • SAML 2.0 federation
    • PKCE, JWT/JWS/JWKS, RS256 signing
  • Experience building or customizing:
    • Identity brokers
    • Authorization servers
    • SAML SP integrations

Backend Engineering

Experience with at least one modern backend stack:

  • Java (Spring Boot)
     or
  • Node.js (NestJS or Express)

Additional backend requirements:

  • REST API design and secure credential handling.
  • Relational databases (PostgreSQL/MySQL)—schema design, migrations.
  • Docker containerization and CI/CD pipelines.
  • Automated testing frameworks (JUnit, Jest, Mocha, Postman/Newman, etc.).

Security & Compliance

  • Experience in federal or regulated environments.
  • Understanding of CAC/PIV, MFA, FedRAMP/NIST 800-63 guidelines.

Preferred Qualifications

  • Prior integration experience with ICAM, Login.gov, Azure AD, or similar.
  • Experience supporting mobile/PWA apps using OIDC login.
  • Familiarity with Appian-based systems (e.g., PIMS).
  • Experience with large-scale identity consolidation or migration projects.

Soft Skills

  • Strong ability to document technical work for federal stakeholders.
  • Excellent communication and collaboration skills.
  • Ability to lead architecture discussions and mentor junior engineers.
  • Comfortable working independently with distributed teams.

What We Provide

  • Opportunity to build a mission-critical authentication platform that supports NOAA’s regulatory programs and the U.S. fishing industry.
  • Work on modern identity standards and federal-grade security architecture.
  • Collaborative environment with NOAA, NMFS, and ECL development teams.
  • Long-term engagement potential on future modernization efforts.

 

Benefits: Competitive benefits package including health, dental, vision, life insurance coverage, 401(k) plan, training programs, accrued paid time off (PTO), performance-based monthly and quarterly awards, paid holidays and customer kudo rewards.

Equal Opportunity Employer/Veterans/Disabled

Salary: $122,000 - $160,000

This job has expired.