Tier 2 Analyst (Identity Management)_1158
Company Profile Lalaith Astor Technical Consulting House (LATCH) provides technical consulting services to the US Federal Government. We provide dependable high-quality solutions as well as innovative architecture, engineering, and functional designs. Our core values enable us to bring unique viewpoints as we approach our work such as understanding and adopting the client’s mission; delivering technical solutions that are aligned to client goals, objectives, and budgets; empowering clients through systems engineering and technical assistance (SETA) services; and producing high quality, value-driven work products. At LATCH, you’ll work with clients and a leadership team that empowers our people to think audaciously, welcomes differences, and encourages pride in our work while exposing and solving emerging challenges to meet impactful commitments. Job Summary The Tier 2 Analyst serves as a technically inclined intermediary between customer-facing Tier 1 support and systems-level Tier 3 engineers within the RPP ICAM Services program. This role provides hands-on troubleshooting, incident analysis, and technical escalation support for authentication, identity lifecycle, and MFA-related issues across Okta, ICAM services, and integrated enterprise systems. The analyst will investigate moderately complex identity and access problems; review authentication logs; validate provisioning and federation issues; and ensure timely and accurate communication to internal teams, stakeholders, and customers. Although previous Okta experience is beneficial, candidates with strong help desk/service desk experience and technical troubleshooting aptitude will be fully trained on the Okta platform and ICAM service model. This role is ideal for someone early in their systems/identity career seeking to gain hands-on experience in authentication, access management, security operations, and enterprise identity platforms. Responsibilities and Duties Job responsibilities and duties will include, but are not limited to, the following: Tier 2 Technical Support & Incident Handling
- Act as the first technical escalation point after Tier 1 for authentication, identity, and MFA incidents involving Okta and other ICAM components.
- Triage, investigate, and resolve user sign-in issues, MFA enrollment/verification problems (Okta Verify, SMS/Voice, YubiKey, etc.), SSO/SAML authentication failures, and identity provisioning anomalies.
- Analyze event data and authentication logs within Okta to determine root causes of failures or misconfigurations.
- Evaluate group membership, provisioning status, and account state across Okta, Active Directory, and connected applications.
Documentation, Knowledge Management & Process Support
- Document incident details, troubleshooting steps, and resolution paths clearly and thoroughly for audit and SLA purposes.
- Create and update runbooks, SOPs, troubleshooting playbooks, and knowledge base articles to support both Tier 1 and Tier 2 teams.
- Provide feedback to improve triage flows, escalation criteria, and customer-facing scripts.
Communication & Customer Engagement
- Communicate incident impact, progress, and resolution clearly to customers and internal stakeholders.
- Translate technical concepts into accessible explanations for non-technical users.
- Help de-escalate user frustration with professionalism, empathy, and well-managed expectations.
Coordination With Tiered Support Model
- Collaborate closely with Tier 1 to ensure tickets are adequately triaged and escalated with complete context.
- Escalate unresolved or platform-level issues to Tier 3 with appropriate reproduction steps, logs, technical findings, and recommended actions.
- Validate fixes and workarounds in production after Tier 3 intervention.
- Contribute to operational readiness as MFA changes and identity security enhancements increase ticket volume.
Required Qualifications and Skills The selected candidate must have the following qualifications and skills:
- 3+ years in a service desk, help desk, desktop support, Tier 1/Tier 2 environment in an IT or technical support setting.
- Strong troubleshooting ability for authentication issues, user access problems, account states, and basic identity lifecycle events.
- Ability to read and interpret system logs (Okta, identity events, authentication traces) with training provided.
- Experience writing internal documentation, technical manuals, knowledge base articles, runbooks, or user guides for both technical and non-technical audiences.
- Familiarity with core identity concepts such as SSO, MFA, accounts, groups, passwords/resets, identity attributes, and federation basics.
- Experience in using enterprise ticketing tools (e.g., ServiceNow, Rally, Jira, Remedy).
Desired Qualifications and Skills It is desirable that the candidate has the following qualifications and skills:
- Exposure to any identity platform (Okta, Azure AD/Entra ID, Ping, Duo, etc.).
- Experience with MFA technologies such as Okta Verify, TOTP apps, or hardware tokens (YubiKey).
- Basic understanding of SAML, OAuth, or other authentication protocols.
- Experience supporting federal environments or organizations with strict compliance requirements.
- Familiarity with Active Directory fundamentals (groups, accounts, OUs, lockouts).
Bonus Points For
- Hands-on experience with Okta tenant administration, identity logs, or group rule troubleshooting.
- Demonstrated ability to identify repeat technical issues and propose improvements to triage flows or documentation.
- Experience supporting identity modernization or MFA rollout projects.
- Prior work in an environment with high daily ticket volume or tight SLAs.
Required Experience
- Minimum of 3 years in a help desk, service desk, or technical customer support role.
- Experience troubleshooting technology issues.
Job Type: Full-time Pay: $65,000.00 - $75,000.00 per year Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Health insurance
- Paid time off
- Parental leave
- Professional development assistance
- Referral program
- Vision insurance
Work Location: Remote Apply tot his job Apply To this Job