ForgeRock Identity Engineer - Fort Mill, SC

Job Title: Senior ForgeRock Identity Engineer
Contract-to-Hire
Preferred Location: Fort Mill, SC, LPL Financial, 1055 LPL Wy, Fort Mill, SC 29715
In office Requirement: 5 days per week in office, (some flexibility available as they build trust)

Position Summary
The Senior Identity Engineer will join LPL Financial s Information Security department, focusing on developing, integrating, and deploying Identity & Access Management (IAM) solutions for a geographically dispersed enterprise. This role manages and enhances the suite of IAM products, supporting both ongoing initiatives and new application onboarding. The engineer will work closely with application developers, vendors, and business units to configure, test, and implement IAM solutions that align with enterprise IT strategies.
This is a hands-on engineering role - the ideal candidate will be able to build journeys, write scripts, and execute complex integrations without heavy oversight.

Key Responsibilities

• Engineer, implement, and support IAM solutions using ForgeRock Identity Cloud (preferred) or other ForgeRock IAM technologies.
• Design and develop provisioning and de-provisioning processes and workflows for accounts across internal and external systems.
• Configure and develop adapters/connectors with various systems and databases.
• Set up and troubleshoot SAML (IDP and SP) and OAuth 2.0 SSO connections.
• Develop and configure access control roles for compliance (SOX).
• Build and maintain custom scripts, particularly in JavaScript (including SAML attribute mappings).
• Work closely with Information Security and Compliance teams to provide auditing, reporting, and access governance.
• Integrate ForgeRock solutions with in-house and third-party applications for provisioning, approvals, and workflows.
• Support ongoing migration from on-prem ForgeRock and PingFed to ForgeRock Identity Cloud.
• Perform Level 2/3 IAM technical support, troubleshooting, and maintenance.
• Collaborate with enterprise and business teams to enhance IAM capabilities and onboard new applications.
• Participate in after-hours work for critical deployments or escalations as needed.

Qualifications

• Bachelor s degree in IT, Computer Science, or related field.
• 4+ years experience with ForgeRock IAM (Identity Cloud or on-prem).
• 1+ years experience with PingFederate.
• Strong scripting skills: JavaScript, shell/Perl, LDAP APIs, SAML attribute mappings.
• Proven experience with SAML and OAuth 2.0 integrations.
• Familiarity with AM/IBM AM or PingFed is acceptable; migration experience a plus.
• Experience with Oracle, SQL Server, and relational databases.
• Unix/Linux administration skills.
• Experience in SOX-controlled environments.
• Strong problem-solving and troubleshooting skills.
• Ability to work with geographically distributed teams.