Identity Developer

Privia Health

10h•$112,000 - $125,000

About The Position

Overview of the Role: Reporting to the Director of Identity Management and Assurance, the IAM Engineer plays a critical role in the design, implementation, and continuous development of Privia’s identity platforms, with primary emphasis on our customer identity and access management (CIAM) ecosystem built on Ping One Advanced Identity Cloud (ForgeRock) and secondary emphasis on SailPoint IdentityNow for workforce identity governance. This role ensures the CIAM and IGA platforms meet Privia’s identity, security, and compliance needs. The IAM Engineer develops and maintains processes for authentication, authorization, governance, maintenance, and termination of user access for both workforce and non-workforce identities. This position collaborates across departments to identify security gaps, optimize user lifecycle workflows, and strengthen overall identity posture. The IAM Engineer integrates the identity stack with systems such as Google Workspace, Workday, and other mission- and business-critical applications. They work with technical teams and business stakeholders to ensure identity workflows comply with security policies, industry standards, and best practices.

Requirements

5+ years of experience designing and building complex IAM/IGA/CIAM implementations.
5+ years of hands-on experience with Ping Identity/ForgeRock in a CIAM engineering or architecture capacity.
3+ years of hands-on experience with SailPoint IdentityNow, including configuration and management.
5+ years of experience in user provisioning and lifecycle management, with a strong engineering perspective on designing and automating identity solutions.
Experience integrating Workday with IAM, CIAM, or IGA systems, including lifecycle event automation derived from Workday data.
Strong security skills across CIAM, IAM, and IGA domains.
Must adhere to all HIPAA rules and regulations.
Experience with user provisioning in cloud environments such as Google Workspace and Google Identity; familiarity with Google Cloud Platform is preferred.
Strong understanding of access controls, authentication, and authorization models in cloud-based platforms.
Experience working with Workday as a source of truth, including ingesting identity attributes, supporting hire/term data flows, and integrating Workday with an IGA platform for automated lifecycle management.
Understanding of securing a three-tier application architecture in the context of identity and access management.
Knowledge of cloud-based security architecture, including multi-cloud environments and the differences between cloud-native applications and virtualized environments such as Citrix or VDI.
Must have advanced experience with Ping Identity (ForgeRock) as a CIAM platform, including design, configuration, implementation, and integration.
Experience with SailPoint IdentityNow strongly preferred as a supporting IGA platform for workforce lifecycle governance.
Familiarity with Workday business processes, organizational structure, and worker data models to enable accurate identity creation, attribute mapping, and downstream provisioning.
Experience with automation and scripting tools such as GAM (Google Apps Manager), Google Apps Script, Python, PowerShell, JavaScript, and other relevant languages to support identity lifecycle management.
Proficiency in REST and SCIM APIs for automating user provisioning, deprovisioning, and access management across IAM, IGA, and CIAM solutions.
Strong focus on automation, streamlining IAM processes, and identifying integration opportunities to enhance security and efficiency.
Must have expertise in designing and implementing Ping Identity (ForgeRock), including authentication flows, customer identity lifecycle management, consent, and federation.
Extensive experience with Identity Governance and Administration platforms, particularly SailPoint IdentityNow, including RBAC, ABAC, access certifications, and automated provisioning workflows.
Proven ability to integrate CIAM/IAM/IGA solutions with SSO protocols such as SAML, OAuth, and OpenID Connect to enhance security while improving user experience.
Strong background in defining and enforcing IAM policies, implementing fine-grained access controls, and managing identity lifecycle events (Joiner, Mover, Leaver) in enterprise environments.
Skilled in leading IAM architecture discussions, providing strategic technical guidance, and driving best practices across complex SaaS and cloud ecosystems.

Nice To Haves

Bachelor's Degree in Computer Science or a related field preferred.
Experience with application support for an EHR/EMR - athenaOne preferred.
Knowledge in the creation, modification, and termination of user profiles within an EHR/EMR application.

Responsibilities

Manage and perform onboarding integrations within SailPoint IdentityNow, ensuring provisioning and governance across multi-tiered enterprise applications.
Serve as the technical project manager for IGA and CIAM implementation and expansion, overseeing deployment, upgrades, and continuous improvements.
Develop and implement identity lifecycle management automations using scripting languages and APIs to streamline access provisioning and deprovisioning.
Provide technical leadership and mentor Junior IAM engineers and other colleagues to maintain and enhance the IGA platform, ensuring scalability and security.
Lead the design, development, and implementation of CIAM solution, namely Ping/Forgerock, collaborating with other engineers to enhance authentication and access management for external identities.
Create and maintain multi-tiered technical documentation for IGA/CIAM processes and integrations to ensure clarity and compliance.
Work cross-functionally with Cybersecurity, Compliance, IT, and Enterprise Application teams to align IAM/IGA initiatives with organizational security and business goals.