ForgeRock Identity Gateway (IG)/PingGateway, Engineer

About The Position

Requirements

• Bachelor’s degree and 5 years of experience or 9 years with a HS diploma/equivalent
• 5+ years in Identity and Access Management (IAM)
• Hands-on experience with ForgeRock IG / PingGateway or similar API gateway/IAM reverse proxy solutions
• Experience in enterprise or federal environments
• Experience working in Agile/Scrum teams
• ForgeRock IG / PingGateway (route configuration, scripting, policy design) experience
• Familiarity in OAuth 2.0, OpenID Connect, SAML 2.0, JWT, LDAP
• Groovy and JavaScript scripting experience
• Experience in REST APIs and microservices security
• Familiarity in Kubernetes, Docker, and CI/CD pipelines
• LDAP/Active Directory integration experience
• Understanding of Zero Trust architecture (NIST SP 800-207)
• Familiarity with cloud platforms (AWS, Azure, or GCP)
• U.S. Citizenship required
• Must be able to obtain and maintain the required agency clearance

Nice To Haves

• ForgeRock or Ping Identity certifications
• CISSP, Security+, or similar cybersecurity certifications
• Experience with PingAuthorize or externalized authorization models
• Experience with federal IAM programs (FSA, DHS, DoD, etc.)
• Knowledge of observability tools (Prometheus, OpenTelemetry)
• Experience with SailPoint, Okta, or CyberArk
• Familiarity with advanced security topics (mTLS, FAPI, PKI, or post-quantum crypto)
• Agile/SAFe certifications

Responsibilities

• Design, configure, and maintain PingGateway (ForgeRock IG) as an identity-aware reverse proxy
• Manage HTTP/S traffic routing, TLS termination, and load balancer integrations
• Enforce identity and access policies at the network edge
• Develop and maintain JSON-based route configurations and gateway policies
• Implement filters, handlers, and scripts for request/response transformation
• Support credential replay, token injections, and header manipulation for legacy apps
• Secure APIs using PingGateway microgateway capabilities
• Implement OAuth 2.0 resource server patterns and token validation
• Integrate with external authorization systems (e.g., PingAuthorize)
• Implement SSO, MFA, and federated identity flows
• Configure OAuth 2.0, OpenID Connect (OIDC), and SAML integrations
• Support migration of legacy identity protocols to PingOne Advanced Identity Cloud
• Implement gateway-based Policy Enforcement Points (PEP) within a Zero Trust architecture
• Enforce adaptive authentication and risk-based access controls
• Develop Groovy and JavaScript scripts for custom gateway behavior
• Build custom authentication, token handling, and audit logging logic
• Configure logging, metrics, and audit trails for gateway traffic
• Integrate with enterprise SIEM and monitoring tools (e.g., Prometheus, OpenTelemetry)
• Deploy PingGateway in Docker and Kubernetes environments
• Support CI/CD pipelines and infrastructure-as-code practices
• Work with hardened container environments for federal systems
• Integrate PingGateway with ForgeRock components (AM, IDM, DS)
• Support identity flows across hybrid and cloud environments
• Provide L3 support for production incidents
• Perform root cause analysis and resolve complex identity and routing issues
• Ensure high availability and performance of gateway services
• Ensure compliance with FISMA, FedRAMP, NIST, and federal IAM standards
• Support audits, security assessments, and continuous monitoring requirements
• Participate in design reviews and agile ceremonies

Benefits

• overtime
• shift differential
• discretionary bonus