Identity and Access Management (IAM) Administrator

Location: Washington, DC, United States
Date Posted: 09-28-2018
Identity and Access Management (IAM) Administrator    (Short-Term Contract)
Term: 6-10 weeks
FBI Headquarters, Washington, DC
Top Secret w/ SCI Security Clearance (must already have at time of application)
ATSG Corporation prides itself on our proven dedication to providing expert assistance to our government partners—without any surprises. We work hard to honor our commitment to our clients while ensuring our employees feel secure and empowered in their work. We take excellent care of our team so they may have the freedom and confidence to focus on their missions and provide nothing but the best output on the work site and at home.
The company provides a variety of services within the Intelligence Community. Our products may be diverse but the results are one and the same—on schedule, on budget, and completed with superior quality. We are experienced in areas such as Mobility, Enterprise Architecture, Data Processing, Law Enforcement Mission Support, and Acquisition Support. As an organization, we are consistently expanding our footprint in the contracting community.
We are presently seeking an Identity and Access Management Administrator with an active Top-Secret Clearance w/ SCI to join the Information and Technology Branch (ITB) Information Technology Infrastructure Division (ITID) at the Federal Bureau of Investigation in Washington, DC. The FBI ITB ITID mission includes the provision of comprehensive information technology services to all FBI personnel assigned to the FBI Headquarters, J. Edgar Hoover Building (FBIHQ) in Washington, D.C., Field Offices (FOs), Resident Agencies (RAs), and Legal Attaché (LEGAT) located overseas.
In support of this mission, ITID is responsible for the management and support of the FBI’s IT infrastructure. Part of this infrastructure includes systems operating on four (4) enclaves (BlackNet, Unclassified, Secret, and Top Secret/Sensitive Compartmented Information), as well as the underlying facilities and transports to support them.   
The present length of need for this position will be 6-10 weeks of guaranteed work.        

  • Knowledge and experience supporting authentication services, firewalls, high availability systems, and web services. The main focus for authentication services would include certificate authentication using Kerberos constrained delegation, and single sign-on.
  • Possess a broad understanding of web services, including publishing and troubleshooting material published by internal and external sources. This experience must include an understanding of protocols used for web traffic and troubleshooting tools to diagnose connectivity issues.
  • Experience with Microsoft Windows Server operating system 2016, or earlier.
  • Experience using Microsoft Active Directory Services.
  • Knowledge and experience using the following:
    • Forefront Identity Manager (FIM)
    • Microsoft Identity Manager (MIM)
    • Microsoft Forefront Unified Access Gateway (UAG)
    • Microsoft Forefront Threat Management Gateway (TMG) within a single enclave
    • Web Application Proxy (WAP)
  • For firewalls, the contractor shall have a basic understanding of endpoints, access and publishing policies, including the ability to troubleshoot connectivity issues in complex scenarios, with consideration of the outward lying network technologies.
  • Exposure to High Availability Systems, the contractor shall understand and have experience with general concepts of arrays, load balancing, and replication.
  • Experience with Lightweight Active Directory Protocol (LDAP) and Secure Lightweight Active Directory Protocol (LDAPS).
  • General understanding of Structured Query Language (SQL).

  • General understanding of Public Key Infrastructure (PKI) and certificate services.
  • General understanding of RSA management and support.
  • Self-starter, able to manage multiple tasks efficiently for on-time delivery.
  • Strong oral and written communication skills, including presentation skills and experience communicating with technical and non-technical audiences.

  • Provide guidance regarding changes to the AD schema.
  • Manage and maintain standardized Organizational Units (OU) in AD.
  • Manage and maintain AD custom attributes and security groups.
  • Manage AD sites and subnets, including site replication.
  • Manage and maintain group policy, and scripts associated with group policy, to secure the IT infrastructure and grant necessary resources to staff, consistent with job requirements (i.e. workstation, server, common Microsoft products such as Exchange, SharePoint and other group policies as requested).
  • Create and maintain a Group Policy Map to indicate what each group policy does, what resource(s) is (are) affected, and understand the effect of any change to group policy.
  • Manage the AD database, System Volume (SYSVOL).
  • Monitor Domain Controllers to prevent outages and/or restore service in a timely manner, analyze the policies currently monitored, and make recommendations as needed to provide meaningful alerts for action.
  • Audit changes to accounts, group policy, and other changes to AD with enterprise auditing tools (i.e. Dell Active Administrator, Change Auditor, and Recovery Manager).
  • Follow FBI Change Management Policy when changing the FBI IT infrastructure.
  • Share knowledge with other members of the full AD team, regardless of whether other members are FBI employees or contractors of this or another contractor.
  • Maintain a listing of all service accounts, the applications and servers which use them, and the unit responsible for the accounts.
  • Provision, modify, and deprovision user and administrator accounts on the four (4) enclaves upon receipt of approved access or deprovisioning request, based upon location, role, or both. Accounts shall be provisioned/modified/deprovisioned within five (5) days of receipt or date specified in the request, whichever is later. MDSU is currently receiving an average of 165 requests daily. As part of this process, the Exchange mailboxes are also created.
  • Make necessary adjustments to security controls to grant only that access to IT resources required for job performance.
  • Manage user profiles, including access to share drives, OU assignment, password reset, and general directory cleanup at regular intervals.
  • Support personnel moves by migrating user profiles and data to data stores associated with new location.
  • Manage and maintain delegation of permissions.
  • Follow FBI policy and procedures for account management to create, modify, or delete accounts and account permissions.
*Candidates are encouraged to submit a .doc or .docx resume that explicitly addresses each of the requirements listed above. 
As an Equal Opportunity Employer, our applicants and employees are protected from discrimination. Visit for more information.
Equal access to programs, services and employment is available to all persons. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Recruiting Team.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals on the basis of protected veteran status or disability, and require affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans and individuals with disabilities.
To comply with Federal law, ATSG Corporation participates in E-Verify.  Successful candidates must pass the E-Verify process after hire. 
We respectfully request not to be contacted by recruiters and/or staffing agencies.

this job portal is powered by CATS