Senior Identity and Access Management Engineer

About The Position

Requirements

• Minimum of seven (7) years of experience in Customer Identity and Access Management (CIAM) implementation and support, with a minimum of three (3) years within that experience focused on implementing and supporting CIAM solutions using PingOne Identity Cloud.
• Hands-on experience with Okta including SSO, MFA, federation, application integrations, and identity lifecycle management.
• Experience with IAM migration projects.
• Hands-on experience implementing authentication and authorization protocols including OAuth, OIDC, and SAML.
• Experience integrating web, mobile, and API applications with IAM platforms using token-based authentication mechanisms.
• Experience in implementing SSO, MFA, federation, and identity lifecycle management.
• Familiarity with customer registration, authentication journeys, and identity flows in CIAM platforms.
• Hands-on software development or scripting experience using languages such as Java, JavaScript, Python, or similar.
• Demonstrated knowledge of IAM best practices, including risk-based authentication and consumer data protection strategies.
• Experience supporting IRS/CMS or other relevant audits in the context of IAM.
• Experience working in Agile/Scrum environments, collaborating with product owners, scrum masters, and development teams during sprint cycles.
• Familiarity with DevOps processes, change management, and release coordination to support secure and stable deployments.
• Understanding of secure authentication patterns, token lifecycle management, and identity integration best practices.
• Experience working with enterprise security policies, identity governance practices, and compliance requirements.
• Demonstrated communication and collaboration skills with the ability to provide technical guidance to IT, delivery teams, and developers on secure IAM integration.
• Minimum of seven (7) years of experience in IAM, including work with Customer Identity and Access Management (CIAM) platforms.
• Experience working with REST API integrations for IAM services.
• Knowledge in integrating IAM systems with API gateways and backend services to ensure secure access control.
• Experience managing IAM platform configuration changes and automated deployments across development, staging, and production environments.
• Experience integrating IAM platforms with SIEM or security monitoring tools for authentication and identity event monitoring.

Nice To Haves

• Experienced in creating comprehensive reports and dashboards to communicate findings, track remediation progress, and provide visibility to management and relevant teams.
• Experience participating in sprint planning, backlog refinement, and technical design discussions to integrate identity and authentication requirements into application development.
• Motivated self-starter with initiative to take independent action and accept responsibility for your actions.
• Excellent understanding of emerging threats in the IAM landscape.
• Hands-on experience with CI/CD pipelines for IAM configuration deployments, including tools such as Jenkins.
• Experience using source control and deployment workflows with GitHub for managing IAM configuration scripts or integration code.
• Familiarity with DevOps practices and infrastructure automation supporting IAM or CIAM platform changes.
• Experience troubleshooting authentication failures, federation issues, token validation issues, and identity integrations.
• Demonstrates strong interpersonal and collaboration skills, effectively partnering with internal management, staff, and cross-functional teams as well as external partners and vendors.
• Ability to prioritize identified gaps and collaborate with cross-functional teams to ensure timely remediation and effective risk mitigation.
• Demonstrates a proactive approach by consistently identifying potential blockers and communicating them early, while maintaining a solutions-focused mindset to facilitate continued progress.
• Creative and proactive problem solver; must possess the ability to make independent decisions, set work priorities, and address issues promptly.
• Experience in developing, reviewing, and updating security standards, procedures, awareness, and training.
• Demonstrated knowledge of secure software development lifecycle (SDLC) and secure architecture design principles.

Responsibilities

• Design, develop, implement, and support customer IAM solutions utilizing PingOne IdentityCloud, and support transition to Okta where applicable.
• Build and maintain automated processes for user lifecycle management, including provisioning, deprovisioning, and role- or attribute-based access controls.
• Develop and maintain custom connectors, workflows, APIs, and scripts to integrate IAM systems with enterprise applications.
• Integrate web, mobile, and API-based cloud applications with IAM platforms using protocols such as SAML, OAuth, and OIDC.
• Implement SSO, adaptive authentication, MFA, and risk-based policies to enhance security and user experience.
• Configure and troubleshoot federation and OAuth/OIDC flows, and ensure secure session handling across systems.
• Implement and manage workflows for customer registration, login, account recovery, and profile management.
• Support migration of CIAM capabilities from PingOne Identity Cloud to Okta, including configuration, testing, validation, troubleshooting, deployment.
• Assist with migration planning, architecture design, and implementation of access and identity flows in Okta.
• Ensure IAM architecture and solutions adhere to security, privacy, regulatory, and consumer data protection requirements.
• Work closely with IT, Security, and Delivery teams to ensure secure IAM solutions across all cloud systems.
• Collaborate with delivery teams, product owners, and scrum masters to integrate IAM features into application releases.
• Participate in sprint planning, backlog refinement, and technical design discussions to ensure identity requirements are considered early in development.
• Support IAM changes during sprint release cycles, ensuring thorough testing and validation.
• Coordinate IAM-related changes with DevOps and change management teams to minimize disruptions during deployments.
• Provide guidance to IT and Delivery teams on secure authentication patterns, token usage, and best practices for IAM.
• Ensure IAM solutions align with enterprise security policies, identify gaps, and provide progress updates.
• Monitor IAM environments for authentication issues, anomalies, and performance bottlenecks.
• Document IAM architectures, integrations, and operational procedures.
• Execute and manage access recertification campaigns, ensuring timely completion and accurate audit reporting.
• Implement and maintain least-privilege and segregation-of-duties controls across IAM systems.
• Leverage microservices and API architectures to design, build, and manage IAM functionalities, enabling secure and scalable authentication, authorization, and service access controls.
• Serve as the primary technical contact with the Ping Identity support team to address environment-related issues, tenant performance concerns, incidents, and troubleshooting.
• Track vendor releases, platform updates, and new capabilities for adoption within the organization.
• Coordinate maintenance windows, patch updates, and feature releases with the Change Advisory Board, Delivery Team, and Ping Identity vendor.
• Validate vendor fixes in lower environments before production rollout.
• Monitor authentication health, login trends, and token issuance metrics.
• Perform root cause analysis for authentication and authorization incidents.
• Assist in investigations of security incidents involving identity compromise.
• Maintain detailed logging and audit trails aligned with regulatory requirements.
• Monitor IAM logs and integrate events with SIEM platforms to support security monitoring and incident response.
• Support audit activities by providing technical guidance and documentation, and act as a liaison for internal and external audit reviews as needed.
• Develop automation scripts (e.g., Python, Java, or similar) to streamline IAM processes.
• Leverage PingOne REST APIs for configuration management tasks.
• Support CI/CD deployment of IAM configurations.
• Support infrastructure-as-code initiatives where applicable.
• Assist the IAM Lead and Information Security Manager (ISM) in reviewing IAM capabilities and defining a roadmap for IAM enhancements.
• Support the development and implementation of information security awareness and training initiatives.
• Stay current on industry trends, emerging threats, and relevant technologies, and communicate key insights to the IAM Lead and ISM.
• Provide regular briefings to the IAM Lead and ISM, escalating issues and blockers as necessary.
• Perform other duties as assigned within the scope of IAM.

Benefits

• Full Salary Range: $98,842.00 to $148,263.00 annually, with midpoint at $123,552.00.
• Hiring Range: $ 113,668.00 and $123,552.00 annually.
• The actual salary offer will consider candidate experience, skills, qualifications, internal equity, and the market.
• Our compensation policy reserves the salary range above the midpoint for employees who are meeting and exceeding expectations and for growth and development, up to the maximum.