T and T Consulting Services, Inc. · 1 month ago
Senior IAM Engineer Identity Broker Architect
T and T Consulting Services, Inc. is seeking a Senior Identity & Access Management (IAM) Engineer / Identity Broker Architect to lead the design and implementation of the Logbook Identity Management Broker for OpenID (LIMBO) for NOAA. This role involves creating a mission-critical identity broker for secure authentication, integrating with existing systems, and ensuring compliance with federal security standards.
Consulting · Information Technology · Software
Responsibilities
Design and build the LIMBO identity broker that supports:
OIDC Authorization Code Flow with PKCE (S256)
JWT access tokens signed with RS256
Standard OIDC endpoints: /authorize, /token, /userinfo, /jwks, /.well-known/openid-configuration
Implement SAML 2.0 Service Provider capabilities including:
Signed assertions and responses
HTTP Redirect & POST bindings
Metadata import/export
Configurable SAML attribute → OIDC claim mapping
Integrate with NOAA ICAM to enable CAC/PIV authentication for NOAA staff
Integrate with NOAA’s Login.gov federation broker for public user authentication
Build secure APIs and UI flows to link Login.gov identities with existing legacy systems:
PIMS (Appian) via validation-code workflow
GARFO Certify (REST API)
Store and maintain user-to-permit associations in a relational data model
Implement permit-access revocation workflows for ownership changes
Design relational database schema to preserve identity & authorization data
Implement automated unit, integration, and load tests for all login flows
Deliver containerized application builds that meet NMFS OCIO standards
Provide documentation, technical training, and post-deployment support
Collaborate closely with ECL development teams and NOAA operations staff
Qualification
Required
5–8+ years backend engineering experience, including 3+ years in IAM
Expert-level knowledge of OpenID Connect (OIDC)
Expert-level knowledge of OAuth 2.0 / 2.1
Expert-level knowledge of SAML 2.0 federation
Expert-level knowledge of PKCE, JWT/JWS/JWKS, RS256 signing
Experience building or customizing identity brokers
Experience building or customizing authorization servers
Experience building or customizing SAML SP integrations
Experience with at least one modern backend stack: Java (Spring Boot) or Node.js (NestJS or Express)
REST API design and secure credential handling
Relational databases (PostgreSQL/MySQL)—schema design, migrations
Docker containerization and CI/CD pipelines
Automated testing frameworks (JUnit, Jest, Mocha, Postman/Newman, etc.)
Experience in federal or regulated environments
Understanding of CAC/PIV, MFA, FedRAMP/NIST 800-63 guidelines
Preferred
Prior integration experience with ICAM, Login.gov, Azure AD, or similar
Experience supporting mobile/PWA apps using OIDC login
Familiarity with Appian-based systems (e.g., PIMS)
Experience with large-scale identity consolidation or migration projects
Benefits
Health
Dental
Vision
Life insurance coverage
401(k) plan
Training programs
Accrued paid time off (PTO)
Performance-based monthly & quarterly awards
Paid holidays
Customer kudo rewards
Company
T and T Consulting Services, Inc.
H1B Sponsorship
T and T Consulting Services, Inc. has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2025 (4)
2024 (1)
2023 (2)
2022 (6)
2021 (3)
2020 (6)
Funding
Current Stage
Growth Stage
Recent News
Washington Business Journal
2025-01-10
2024-11-27
Company data provided by crunchbase