Senior Specialist, Lead Zero Trust Identity Security Engineering

About The Position

Requirements

• Undergraduate degree in a related field or the equivalent combination of training and experience.
• 12+ years of experience in Identity & Access Management engineering.
• Skilled in using DevOps tools and experience in Policy as code.
• Deep hands‑on expertise with Okta (Workforce Identity, MFA, SSO, policies, lifecycle).
• Strong working knowledge of Ping Identity products (PingFederate, PingOne, Ping Directory) or equivalent platforms.
• Expert understanding of identity standards: OAuth 2.0, OIDC, SAML Federation and token‑based security.
• Proven experience with directory services & LDAP (AD, cloud directories).
• Experience building identity platforms in AWS/GCP, including containerized/Kubernetes deployments.
• Strong troubleshooting skills for complex authentication and federation failures.
• Ability to operate in high‑visibility, high‑impact environments.

Responsibilities

• Serve as technical lead for workforce identity platforms, with Okta as the primary IdP and integrations to complementary platforms (e.g., Ping/Entra Identity).
• Own end‑to‑end identity architecture, including authentication flows, federation, directory integrations, and token issuance.
• Lead design reviews and decisions for IdP resiliency, failover, and supplier‑risk mitigation strategies.
• Document existing and new architecture and act as a hands‑on engineer while also setting technical direction, patterns, and standards.
• Design and troubleshoot identity flows using OAuth 2.0 / OIDC SAML 2.0 SCIM JWT / token‑based auth.
• Ensure token parity, claim consistency, and issuer abstraction across identity providers to minimize application impact.
• Partner with application teams to enable modern authentication without app re‑architecture.
• Engineer and maintain directory integrations across Active Directory, Okta UD, and cloud directories (e.g., Ping Directory).
• Design attribute models, lifecycle management, and group strategies at enterprise scale (thousands of groups, large population sizes).
• Support directory deployments in cloud‑native environments (AWS/GCP, containers, Kubernetes).
• Build and operate identity infrastructure in AWS/GCP/Azure, using Infrastructure & Policy as Code (Terraform / CloudFormation) and Kubernetes & containerized identity services.
• Automate provisioning, deployment, monitoring, and drift detection for identity platforms.
• Support SRE‑style operational maturity: SLIs/SLOs, alerting, incident response, and runbooks for identity services.
• Design identity controls aligned to Zero Trust principles and enterprise security policies.
• Partner with CSOC, audit, and risk teams on control validation, incident response, and regulatory and audit requirements (SOX, SOC, internal controls).
• Contribute to risk assessments related to supplier dependency, SPOFs, and identity outages.
• Work closely with security architecture, infrastructure, application engineering, IAM operations, and vendors.
• Influence roadmap decisions through clear technical reasoning and executive‑ready communication.
• Mentor senior and mid‑level engineers and raise overall identity engineering maturity.