Senior Identity Services Engineer

Senior Identity Services Engineer

Position Summary

Operates and maintains the Information Security team s portfolio of Identity products. Responsible for application integration implementation of access control systems data analytics report generation incident investigation/remediation server administration and team leadership. Performs extensive operational and strategic level duties with the ability to serves in an architectural capacity providing the appropriate information and planning required for new technology and policy deployments.

Essential Job Duties

• Essential Job Duties

• Design implement and support enterprise SSO solutions (e.g. PingFederate Azure AD Okta)

• Maintain and enhance access management platforms and federation infrastructure

• Lead application integrations into existing SSO frameworks using SAML OAuth2 and OIDC

• Implement and support Role-Based Access Control (RBAC) and modern authentication methods

• Support and improve authentication strategies across the organization

• Collaborate with information security app owners and infrastructure teams to deliver secure identity solutions

• Troubleshoot complex authentication and federation issues across multiple environments

• Participate in IAM roadmap planning and contribute to architectural decisions

• Provide mentorship and technical guidance to IAM engineers

• Support governance efforts related to authentication authorization and access control standards

May require occasional on-site presence; therefore should live within a commutable distance. No relocation assistance available.

Preferred Qualifications

• Hands-on experience with the Ping Identity platform particularly:

• PingFederate PingOne PingID PingDirectory

• Experience with MFA and Passwordless/FIDO2/WebAuthn authentication strategies

• Experience building and configuring enterprise SSO applications in Azure AD / Entra ID

• Exposure to IAM orchestration platforms such as PingOne DaVinci or similar tools

• Experience supporting cloud identity integrations (Azure AWS GCP)

• Familiarity with enterprise SSO in hybrid environments (on-prem and cloud-based apps)

• Strong documentation and communication skills

• Comfortable collaborating across technical and non-technical teams

• Ability to lead projects and mentor junior engineers

Required Qualifications

• 5 years of Identity & Access Management experience with a strong focus on SSO and federation

• Deep technical knowledge of:

• PingFederate Azure AD Okta ADFS

• Federation protocols including SAML OIDC and OAuth2

• LDAP Active Directory SCIM

• Proficiency in scripting and development with PowerShell Python and Java

• Experience working with REST APIs for IAM services; familiarity with Postman or similar tools

• Familiarity with OGNL expression language for customizing PingFederate policies

• Front-end UX design and customization using HTML CSS and JavaScript

• Basic Linux administration skills for maintaining and managing IAM infrastructure

• Working knowledge of certificates and PKI (X.509 certificate chains signing encryption keystore management)

• Strong troubleshooting and debugging skills across application identity and network layersx

• Understanding of modern identity concepts such as Zero Trust adaptive authentication (risk-based device/user signals) and conditional access