Key skills
Okta implementationOkta administrationIdentityAccess Management (IAM)Application onboardingAuthentication policy designIdentity lifecycle automationTechnical troubleshootingCentralized identity provider architectureApplication federation patternsMigration of legacy identity systemsFederal/regulatory IAM environmentNIST 800-53 complianceNIST 800-63B complianceSAML 2.0OIDCOAuth 2.0Okta Access GatewayActive Directory integrationLDAP integrationHRIS integrationOkta WorkflowsOkta Lifecycle ManagementOkta AD AgentsIWA AgentsPostmanPowerShellPythonSIEM integrationTerraformIAMOracleOAuthOktaSAMLLDAPActive DirectoryCommunication
About this role
ECCO Select is a talent acquisition and advisory consulting company specializing in providing technology solutions. They are seeking a highly experienced Senior Okta Implementation Engineer to support a high-priority identity modernization initiative involving the migration and integration of legacy applications into a centralized identity platform within a federal environment.
Responsibilities:
- Configure and administer Okta to support centralized identity and access management for multiple legacy and modern applications
- Execute the technical migration and cutover of legacy applications into Okta, including onboarding, federation, user assignments, groups, claims, and role mapping
- Configure, test, and troubleshoot SAML 2.0, OIDC, OAuth 2.0, and header-based authentication patterns for approved application integrations
- Support legacy application modernization, including migration away from AD FS, CA SiteMinder, Oracle IAM, or other on-premises identity providers
- Deploy and support MFA implementation, sign-on policies, enrollment policies, password policies, and access controls within the Okta ecosystem
- Build and maintain Okta configurations aligned to approved target-state IAM patterns and federal security mandates, including NIST 800-63B and applicable NIST 800-53 controls
- Manage the day-to-day health of Okta Lifecycle Management (LCM), including attribute mapping from Active Directory, LDAP, and HRIS sources and validation of automated provisioning/deprovisioning logic
- Develop and maintain Okta Workflows to support complex joiner/mover/leaver scenarios and other automation needs not addressed through standard lifecycle configuration
- Support user, group, role, claims, and entitlement alignment across applications and enterprise IAM requirements
- Manage and troubleshoot Okta AD Agents and IWA Agents, ensuring synchronization health and high availability across multiple domains and forests
- Support and troubleshoot Okta Access Gateway (OAG) for legacy applications that cannot natively support SAML or OIDC
- Perform deep technical troubleshooting across authentication flows, claims transformation, session handling, API integrations, access policies, and federation issues
- Serve as a Tier 3 escalation point for identity-related incidents, including Syslog review, audit analysis, and API-based troubleshooting using tools such as Postman
- Implement, manage, and troubleshoot integration of Okta events into the enterprise SIEM platform
- Partner with application, IAM, security, and architecture teams to resolve onboarding, authentication, and authorization issues in a compressed delivery timeline
- Contribute to implementation documentation, configuration standards, technical runbooks, and knowledge transfer to client teams
- Help maintain tenant hygiene, including remediation of orphaned accounts, stale groups, and expired API tokens
Requirements:
- 5–7+ years of experience in IAM, identity engineering, or access management roles
- At least 3 years of hands-on Okta implementation and administration experience
- Proven experience onboarding applications into enterprise identity platforms and supporting identity modernization or migration programs
- Strong understanding of centralized identity provider architecture, application federation patterns, and access policy design
- Demonstrated success supporting migration of identity-related data, access structures, and authentication patterns from siloed or legacy application models into a centralized IdP
- Experience working directly with technical teams in fast-paced client delivery environments
- Excellent verbal and written communication skills
- Experience supporting federal, regulated, or enterprise IAM environments
- Familiarity with IL4 / IL5 or similarly controlled environments strongly preferred
- U.S. Citizen only
- Active Public Trust, Secret, or Top Secret clearance, or the ability to obtain one, preferred
- Experience within federal agencies or supporting federal contractors
- Familiarity with NIST 800-53 and NIST 800-63B compliance requirements
- Experience with role mapping, entitlement alignment, user lifecycle design, and identity governance concepts
- Exposure to identity governance tools such as SailPoint
- Okta certifications such as Okta Certified Professional, Administrator, Consultant, or Architect
- Security+ or CISSP is a plus
- Familiarity with Terraform or other Infrastructure as Code approaches for Okta configuration management is a plus