Full-Time Senior IAM Engineer (Identity Services / SSO)

Summary: Responsible for operating and maintaining the Information Security team’s portfolio of Identity products. Involves application integration, access control systems implementation, data analytics, incident remediation, server administration, and architectural planning.

• Design, implement, and support enterprise SSO solutions (PingFederate, Azure AD, Okta).
• Maintain and enhance access management platforms and federation infrastructure.
• Lead application integrations into existing SSO frameworks using SAML, OAuth2, OIDC.
• Implement and support Role-Based Access Control (RBAC) and modern authentication methods.
• Support and improve authentication strategies across the organization.
• Collaborate with security, application owners, and infrastructure teams to deliver secure identity solutions.
• Troubleshoot complex authentication/federation issues across multiple environments.
• Participate in IAM roadmap planning and architectural decision-making.
• Provide mentorship and guidance to IAM engineers.
• Support governance for authentication, authorization, and access control standards.

Required Qualifications:

• 5+ years of IAM experience focused on SSO and federation.
• Expertise in PingFederate, Azure AD, Okta, ADFS.
• Strong knowledge of SAML, OIDC, OAuth2.
• Experience with LDAP, Active Directory, SCIM.
• Proficiency in PowerShell, Python, Java scripting/development.
• Experience working with REST APIs and tools like Postman.
• Knowledge of OGNL expression language for PingFederate policy customization.
• Front-end customization skills (HTML, CSS, JavaScript).
• Basic Linux administration for IAM infrastructure.
• Understanding of certificates & PKI (X.509, signing, encryption).
• Strong troubleshooting skills across application, identity, and network layers.
• Understanding of Zero Trust, adaptive authentication, and conditional access concepts.

Preferred Qualifications:

• Hands-on experience with Ping Identity platform: PingFederate, PingOne, PingID, PingDirectory.
• MFA and Passwordless/FIDO2/WebAuthn authentication strategies.
• Experience configuring enterprise SSO apps in Azure AD / Entra ID.
• Exposure to IAM orchestration (PingOne DaVinci or similar).
• Experience with cloud identity integrations (Azure, AWS, GCP).
• Experience in hybrid (on-prem + cloud) SSO environments.
• Strong documentation, communication, and cross-team collaboration skills.
• Ability to lead projects and mentor junior engineers.

What is the last date for applying to the job?

Which countries are accepted for this remote job?