Job Profile:

Software Engineering T4

JR Type:

Conditional

Job Category:

Engineering

Minimum Clearance Required to Start:

None

Percentage of Travel Required:

Up to 10%

Type of Travel:

Continental US

Program/Opportunity Name:

Program | CNAPS Team 2

Referral Bonus Plan:

$1,000 - Standard* * *

Job Description:

The Opportunity:
Support our DOD/AF customer with cloud native solutions that implement the customer’s Zero Trust objectives. Be part of an agile development team building DevSecOps solutions for the customer’s enterprise development projects. This is an opportunity for a US citizen to work remotely within the USA.

***This is a 3-month position (Sept– Dec 2025) with strong possibility of extension through June 2026.***

Responsibilities:

• Develop and manage Keycloak Identity Management solutions for Platform One.

• Maintain and enhance custom Keycloak realms, themes, and identity flows (OIDC, OAuth2, SAML).

• Design and deploy identity-focused Kubernetes-native solutions.

• Build and maintain CI/CD pipelines, automated test frameworks, and secure production deployments.

• Ensure compliance with DoD and DAF directives (e.g., STIGs, RMF, ATO).

• Provide operational support including incident response and tiered ticket troubleshooting.

• Support RBAC/ABAC implementation and ICAM Federation compliance requirements.

Qualifications:

Required:

• 7+ years Development & DevSecOps experience w/ Bachelors or additional relevant experience

• US Citizenship & Eligibility to obtain a US Secret Clearance

• 2+ years experience with Keycloak, including realm configuration, protocol integrations (OIDC/SAML), and custom theming.

• 3–5 years of Java development experience, ideally from a software engineering background.

• 2–5 years experience with scripting and automation using Python, Bash, or similar.

• 3–5 years experience designing and deploying Kubernetes-based solutions.

• Experience with CI/CD pipelines, containerization, and secure DevSecOps practices.

• Familiarity with DoD compliance requirements, such as ATO, STIGs, FedRAMP.

Desired:

• Experience with CAC authentication, PIV tokens, and client-side PKI certificate handling.

• Experience working in AWS environments (CLI and SDK).

• Okta experience is a strong plus (especially Federation Practice Statement development and migration from Keycloak).

• Experience with ATO/accreditation processes.

• Familiarity with scanning and compliance tools like RMF, ACAS, twistlock, PrismaCloud.

• Proven ability to work across multi-tenant identity services, supporting thousands of users and integrating with microservices.

CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.

Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here.

Since this position can be worked in more than one location, the range shown is the national average for the position.

The proposed salary range for this position is:

$98,500-$206,800