COMPANY OVERVIEW

XCEL Engineering, Inc. is an award-winning small business that provides trusted information technology, engineering, consulting and project management solutions and services to federal agencies and organizations. Originally founded in 1971 by professional engineers at the University of Tennessee, XCEL was acquired in 2003 by U.S. Army and Navy veterans and in 2023 became a MartinFed company.

XCEL Engineering is a part of IT Lab Partners (ITLP) which was created to support a leading research facility in the East Tennessee region in recruiting the best and the brightest technical talent. Considering joining our impressive team today!

Please Note: This position can be worked on-site in Oak Ridge, TN or remotely.

JOB OVERVIEW

XCEL Engineering has an opening for an Identity, Credential, and Access Management (ICAM) Systems Engineer to join our team of talented and diverse individuals. The successful candidate will have a strong understanding of federated identity, authentication and authorization technologies, ideally including SAML, Kerberos, Active Directory, Lightweight Directory Access Protocol (LDAP), OAuth, and OpenID-Connect.

ESSENTIAL FUNCTIONS

• Primary duties will include:

  • Serve as a Subject Matter Expert (SME) for the enterprise access and authentication infrastructure.
    • Collaborate with other SMEs to ensure the reliable, effective, and secure operation of the organization's IT systems.
    • Provide consulting to developers and customers as it relates to integrating with our authentication infrastructure in a secure and scalable manner.
    • Participate in the ongoing work of continuous improvement of the architecture and security of the organization's authentication infrastructure.
    • Serve as one of organization's Federation Site Administrator.
  • Manage the operation of ORNL's Federated Identity, Authentication, and Authorization infrastructure.
    • Provide design and operational support for SAML, OAuth, OpenID-Connect, and other Modern Authentication protocols, including integration of these systems to back-end directory services.
    • Perform monitoring and troubleshooting tasks.
    • Configure and manage identity provider and service provider connections.
    • Develop tools for automation for routine administrative and monitoring tasks.
  • Manage the operation of LDAP infrastructure systems.
  • Serve as a SME for the organization's Public Key Infrastructure (PKI), particularly as it relates to X.509 certificates for client authentication.

BASIC QUALIFICATIONS

• United States citizen with the ability to obtain a security clearance.
• Bachelor's degree in an Information Technology-related field plus 5 years of relevant work experience or 10 years of relevant work experience.
• Experience with authentication technologies (i.e. Active Directory) and concepts. Must possess a strong desire to learn federated identity management technologies (i.e. SAML).
• Minimum 5 years experience with Linux System Administration.
• Experience scripting in both Linux and Windows environments.
• Experience using data analysis (such as from logs), monitoring, and automation to improve operational excellence, reduce operational labor, and improve the overall security posture.
• Excellent interpersonal skills suitable for user support and ability to work well with peers.
• Experience in an environment requiring change control processes.
• Demonstrated ability to perform job tasks while considering cyber security risk of those tasks, and consulting with security professionals when necessary.
• Demonstrated capabilities to work in a dynamic environment and translate user needs into actionable project plans and see those plans through execution while balancing needs for short-term, high-priority tasks.
• Good written and verbal communication skills
• Ability to work in a group and alone on various projects.
• Ability to time manage and prioritize projects.
• Good documentation skills.
• Demonstrated analytical and problem solving skills.
• Strong commitment to ethical and professional values.

DESIRED QUALIFICATIONS

• A minimum of 2 years of experience with authentication and authorization technologies in an environment with a scale comparable to ORNL, specifically including experience with the use of Kerberos, SAML, and OAuth for authentication. Experience with Ping Federate is particularly desired.
• Experience working with federated identity management infrastructure, including the configuration and management of SAML- and OAuth-based. identity provider and service provider connections.
• Experience working with openLDAP.
• Experience in deploying and managing Public Key Infrastructure technologies, particularly including Microsoft PKI tools.
• Strong knowledge of multiple operating systems.
• Experience with DevOps and with configuration management tools.
• Advanced understanding of Microsoft server technologies specific to domain controllers, and all AD associated services such as ADFS, DNS, DHCP, DFS and GP.
• Previous experience working in a government, scientific, or other highly technical environment.

PHYSICAL REQUIREMENTS & ENVIRONMENTAL CONDITIONS

• Inside office environment.
• Working on a computer for long periods of time.
• May involve long period of sitting at a desk.
• The work environment is fast-paced and sometimes involves extreme deadline pressures.

OTHER DUTIES

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Xcel Engineering is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran Status, genetics or any other characteristics protected by applicable federal, state or local law.

If you are a qualified individual with a disability or disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access Xcel Engineering's current openings as a result of your disability. You can request reasonable accommodations by calling 855.212.1810. Thank you for your interest in Xcel Engineering.