IAM / Zero Trust Cybersecurity Engineer

Job Description

Job DescriptionDescription:

About the role

XSI is seeking an IAM / Zero Trust Cybersecurity Engineer to design, implement, and maintain identity and access controls for the cybersecurity engineering team supporting the Congressional Budget Office (CBO). This is a sustained part-time role that surges during IAM discovery, control implementation, validation, and documentation.

What you'll do

• Design, implement, and maintain least-privilege access controls, RBAC, PAM, MFA, and authentication/authorization integrations across cloud, network, endpoint, and application environments.
• Configure and manage Entra ID / Azure AD, conditional access policies, identity provider integrations, and cloud IAM.
• Implement and govern privileged access using tools such as CyberArk, Delinea, Azure PIM, Okta, or SailPoint.
• Conduct access reviews; remediate excessive or standing permissions; govern service accounts.
• Drive MFA / passwordless rollout, group/role cleanup, identity logging, and audit evidence collection.
• Enforce Zero Trust principles across cloud, network, and endpoint environments.

Requirements:

• 6–10+ years of IAM, Zero Trust, and enterprise access control experience.
• Hands-on experience with Entra ID / Azure AD, conditional access, RBAC, MFA, privileged access, identity provider integration, cloud IAM, and access reviews.
• PAM experience with CyberArk, Delinea, Azure PIM, Okta, SailPoint, or equivalent (preferred).
• Demonstrated implementation of access controls — not policy authorship alone.

Certifications

Preferred: Microsoft SC-300, AZ-500, SC-100; Okta; SailPoint; Security+, CISSP, CISM, or equivalent IAM/cloud security credentials.