Senior Identity DevOps Engineer (IAM / Ping Suite)

We are seeking a highly skilled Senior Identity DevOps Engineer to join our Identity and Access Management (IAM) team. In this role, you will operate as a true "Identity DevOps" specialist, balancing the engineering of complex single sign-on (SSO) architectures with the automated orchestration of our deployment pipelines.

Your core mission will be to own the onboarding of new application intakes, manage complex hybrid/cloud identity environments, and aggressively automate infrastructure using Infrastructure as Code (IaaC). This role requires a technical "Swiss Army Knife" who can deep-dive into legacy Java-based custom adapters on-premise, while simultaneously accelerating our cloud-native modernization and migration to PingOne.

Key Responsibilities

IAM Engineering & Platform Integration

• Own New Application Intakes: Partner with business units and external vendors to design, document, and execute end-to-end SSO integrations from initial intake to production deployment.

• Architect Ping Suite Solutions: Design and maintain advanced configurations within PingFederate and PingOne, including complex Policy Contract Vectorings (PCVs), custom selectors, and multi-factor authentication (MFA) logic.

• Orchestrate Orchestration Workflows: Leverage PingOne DaVinci to build user journeys, custom API connectors, and self-service registration/recovery flows.

• Bridge Hybrid Environments: Manage and support identity flows seamlessly stretching across on-premise infrastructure, Microsoft 365 (M365) SSO, and Microsoft Entra ID.

• Legacy Refactoring: Troubleshoot, maintain, and extend legacy Java-based custom adapters constructed on Java/J2EE architectures.

DevOps, Automation & Infrastructure

• Identity as Code (IaaC): Maintain, extend, and deploy Ping infrastructure templates utilizing Terraform, Helm charts, and containerized workloads in Google Kubernetes Engine (GKE).

• CI/CD Pipeline Management: Manage and optimize automated build and deployment pipelines within Jenkins and Git to drive high-velocity implementation with zero downtime.

• Scripting & Automation: Proactively eliminate manual support tasks by creating robust automation scripts using Python and PowerShell for automated testing, log parsing, and data validation.

Operations, Migration & Support

• Cloud Migration Execution: Act as a core technical driver in the strategic migration of legacy on-premise PingFederate architectures over to cloud-native PingOne ecosystems.

• Production Support Ownership: Independently investigate, troubleshoot, and resolve high-severity, cross-system identity incidents.

• Rotational Support: Provide dependable production support coverage on a rotational basis to safeguard system availability, uptime, and strict security standards.

Required Qualifications & Competencies

Technical Competencies

• Ping Suite Expertise: * Advanced, deep-dive proficiency in PingFederate (Custom PCVs, token translations, complex data stores, custom authentication policies).

  • Strong hands-on proficiency in PingOne (PingOne SSO, PingOne MFA, and PingOne DaVinci journey mapping).

• Identity Protocol Mastery: Comprehensive understanding of modern federation standards, including SAML 2.0, OIDC, OAuth 2.0, and WS-Federation.

• Cloud-Native Toolstack: Demonstrated experience managing identity nodes in Google Cloud Platform (Google Cloud Platform) environments utilizing GKE, Kubernetes, Docker containerization, Terraform, and Helm.

• Development & Scripting: Strong programming baseline in Java/J2EE (specifically for maintaining custom adapter code), alongside automation languages like Python and PowerShell.

• Enterprise Directory Ecosystems: Deep familiarity with Microsoft Entra ID, Azure enterprise applications, and hybrid Active Directory patterns.

Behavioral & Operational Competencies

• Autonomy & Velocity: A self-starter capable of taking an ambiguous application intake requirement, engineering the solution framework, and driving it to completion independently.

• Analytical Problem Solving: Skilled at breaking down complex user lifecycle workflows into independent, secure token transformation steps.

• Cross-Functional Collaboration: Exceptional communication skills with the ability to translate complex identity rules and architectural patterns into practical solutions for non-identity business stakeholders.

Education & Experience Guide

• Education: Bachelor’s degree in Computer Science, Information Technology, Cyber Security, or a closely related engineering field.

• Experience: 6+ years of specialized experience in Identity and Access Management (IAM) engineering, with at least 3+ years operating natively inside an Agile DevOps / Infrastructure-as-Code environment.

• Preferred Certifications: Ping Identity Certified Professional/Expert (PingFederate or PingOne), HashiCorp Certified: Terraform Associate, or Certified Kubernetes Administrator (CKA).