Keycloak Jobs in Virginia (NOW HIRING)

About Us:
VT-ARC, a technical services and applied research company, has built an organizational culture marked by four primary values: Teamwork, Integrity, Excellence, and Service. Integral to our success is our staff's enthusiasm for solving tough problems by working together in teams to get the job done. We foster a culture where every employee's contribution is valued and performed with integrity while maintaining a fun work environment. VT-ARC strives for excellence in all that is done for our clients, and such achievement is recognized through service/merit awards. Moreover, we promote a sense of community larger than VT-ARC alone, where staff and institutional resources can be applied in service to our country.
We are proud to be the recipient of the Best Workplace in Defense Award by Emergent Magazine, an honor that recognizes companies with positive cultures that not only impact their people but also make a meaningful difference in the community.
About You:
You are an identity engineer with deep experience implementing and integrating identity, access, certificate, PKI, federation, SSO, and/or secrets management capabilities in secure enterprise environments.
You bring hands-on depth with identity providers, certificate lifecycle management, OIDC, OAuth 2.0, SAML, PKI, certificate authorities, cert-manager, Entra ID, Keycloak, secrets platforms, service identities, and secure access patterns. You understand how identity, certificates, and secrets support Zero Trust-aligned architecture across both connected and air-gapped environments.
You are adaptable and comfortable working across cybersecurity, application, platform, cloud, network, UC, crypto, and operations teams to ensure identity capabilities are secure, interoperable, validated, documented, and operationally supportable. You have a mission focus and take pride in building systems the right way and supporting them end-to-end.
Position Overview:
VT-ARC is seeking a Senior to Staff level Identity, PKI and Access Engineer to support identity engineering, Zero Trust-aligned access, PKI, certificate lifecycle management, SSO, OIDC, secrets management, and secure service integration for mission-critical programs within TS/SCI environments.
This role is focused on identity engineering across the full implementation lifecycle, from requirements interpretation and architecture input through detailed design, implementation planning, integration, validation, documentation, and transition to operations. The role supports identity and access capabilities across enterprise, application, platform, network, container, and mission environments, including internet-connected, classified, multi-enclave, and air-gapped settings.
The Identity, PKI and Access Engineer will coordinate closely across technical teams and individual contributors to ensure secure identity management and access delivery. You have a mission focus and take pride in building systems the right way and supporting them end-to-end.
Active Top Secret/SCI clearance is required.
Duties/Responsibilities:

• Support end-to-end identity engineering activities, including architecture input, detailed design, implementation planning, integration, validation, and operational transition.
• Design, implement, integrate, and modernize identity, SSO, PKI, certificate lifecycle, federation, access control, and secrets management capabilities in classified and high-assurance environments.
• Engineer secure authentication and authorization patterns using OIDC, OAuth 2.0, SAML, LDAP/LDAPS, Kerberos, mTLS, RBAC, ABAC, and related identity technologies.
• Implement and support identity platforms and integrations involving Entra ID, Keycloak, Active Directory, certificate authorities, cert-manager, secrets managers, container security platforms such as Aqua Security, and related tools.
• Support certificate issuance, renewal, rotation, revocation, trust store management, mTLS enablement, service identity, and application certificate dependencies.
• Coordinate identity and secrets management dependencies across application, platform, cloud, network, UC, crypto, cybersecurity, and operations teams.
• Develop identity implementation plans, integration diagrams, certificate inventories, secrets management procedures, test procedures, and operational support documentation.
• Support Zero Trust-aligned access controls, least privilege, privileged access dependencies, auditability, and secure service-to-service communication.
• Support RMF, ATO, STIG, vulnerability remediation, control inheritance, and cybersecurity compliance activities for identity and access services.

Required Education, Certification, Skills, Capabilities:

• Demonstrated senior-level experience implementing and supporting enterprise identity, PKI, certificate management, SSO, federation, or secrets management capabilities.
• Hands-on experience with technologies such as Entra ID, Keycloak, Active Directory, LDAP/LDAPS, OIDC, OAuth 2.0, SAML, PKI, certificate authorities, cert-manager, or equivalent identity platforms.
• Strong practical knowledge of certificate lifecycle management, trust chains, mTLS, service identities, access control, token-based authentication, secrets rotation, and identity troubleshooting.
• Experience supporting classified, TS/SCI, multi-enclave, internet-connected, or air-gapped environments.
• Ability to coordinate technical dependencies across cybersecurity, application, platform, network, UC, crypto, cloud, and operations teams.
• Experience supporting RMF processes, ATO documentation, STIG compliance, security controls, or equivalent cybersecurity compliance activities for identity or platform services.
• Ability to produce clear technical documentation, diagrams, implementation guides, test procedures, certificate inventories, and operational support materials.

Desired Education, Certification, Skills, Capabilities:

• Experience with secrets platforms such as HashiCorp Vault, Azure Key Vault, CyberArk, Kubernetes secrets, or equivalent secure secrets management technologies.
• Experience with Aqua Security or equivalent container/cloud-native security tooling, including certificate, secrets, and workload identity integrations.
• Experience with HSMs, private CAs, offline roots, cross-certification, certificate policy, or high-assurance PKI operations.
• Professional certifications such as Security+, CISSP, Microsoft identity credentials, Kubernetes credentials, cloud security credentials, or equivalent technical credentials.
• Experience with Zero Trust architecture, privileged access management, conditional access, device posture, workload identity, and service mesh identity patterns.
• Familiarity with DoD identity, credential, and access management requirements, STIGs, FIPS dependencies, and secure enclave integration.

Primary Work Location: Work is expected to be fully onsite in Arlington, VA.
Special Work Conditions: Occasional travel may be required; up to 10%
Security:

• Must be a U.S. Citizen
• Active Top Secret/SCI clearance is required

Competitive Salary: VT-ARC offers a competitive salary and benefits package designed to attract and retain senior technical talent supporting mission-critical programs.
Salary: $185,000-$220,000/yr., based on skills, experience, clearance, technical depth, and mission alignment.
Virginia Tech Applied Research Corporation: VT-ARC is a 501(c)(3), non-profit R&D organization affiliated with Virginia Polytechnic Institute and State University (Virginia Tech or VT). Our mission is to provide superior analytic and technology solutions across multiple domains by leveraging Virginia Tech's multidisciplinary research and innovation ecosystem. With unique access to the broad and rich research enterprise found at Virginia Tech, VT-ARC forms multi-disciplinary teams to apply innovative solutions to the real-world problems that strain our social, political, industrial, and economic foundations.
To learn more about VT-ARC's Benefits, Perks, Culture & more visit our Careers page: https://vt-arc.org/careers/
Virginia Tech Applied Research Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other status protected by law. As a federal contractor, we are committed to providing equal employment opportunity and affirmative action for qualified individuals with disabilities under Section?503 of the Rehabilitation Act of 1973. If you need a reasonable accommodation to complete the application or interview process, please contact Human Resources at hr@vt-arc.org
Virginia Tech Applied Research Corporation uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.E-Verify.gov.