Overview
On Site
Depends on Experience
Full Time
Skills
ADFS
SSO
SAML
RBAC
OIDC
OAuth
Active Directory
LDAP
Job Details
Job Title: Senior Identity Services Engineer - FullTime
Location: NYC
Position Summary:
Responsible for operating and maintaining the Information Security team's portfolio of Identity products. Involves application integration, access control systems implementation, data analytics, incident remediation, server administration, and architectural planning for new technologies and policies.
Essential Job Duties
- Design, implement, and support enterprise SSO solutions (PingFederate, Azure AD, Okta).
- Maintain and enhance access management platforms and federation infrastructure.
- Lead application integrations into existing SSO frameworks using SAML, OAuth2, OIDC.
- Implement and support Role-Based Access Control (RBAC) and modern authentication methods.
- Support and improve authentication strategies across the organization.
- Collaborate with security, application owners, and infrastructure teams to deliver secure identity solutions.
- Troubleshoot complex authentication/federation issues across multiple environments.
- Participate in IAM roadmap planning and architectural decision-making.
- Provide mentorship and guidance to IAM engineers.
- Support governance for authentication, authorization, and access control standards.
Required Qualifications
- 5+ years of IAM experience focused on SSO and federation.
- Expertise in PingFederate, Azure AD, Okta, ADFS.
- Strong knowledge of SAML, OIDC, OAuth2.
- Experience with LDAP, Active Directory, SCIM.
- Proficiency in PowerShell, Python, Java scripting/development.
- Experience working with REST APIs and tools like Postman.
- Knowledge of OGNL expression language for PingFederate policy customization.
- Front-end customization skills (HTML, CSS, JavaScript).
- Basic Linux administration for IAM infrastructure.
- Understanding of certificates & PKI (X.509, signing, encryption).
- Strong troubleshooting skills across application, identity, and network layers.
- Understanding of Zero Trust, adaptive authentication, and conditional access concepts.
Preferred Qualifications
- Hands-on experience with Ping Identity platform: PingFederate, PingOne, PingID, PingDirectory.
- MFA and Passwordless/FIDO2/WebAuthn authentication strategies.
- Experience configuring enterprise SSO apps in Azure AD / Entra ID.
- Exposure to IAM orchestration (PingOne DaVinci or similar).
- Experience with cloud identity integrations (Azure, AWS, Google Cloud Platform).
- Experience in hybrid (on-prem + cloud) SSO environments.
- Strong documentation, communication, and cross-team collaboration skills.
- Ability to lead projects and mentor junior engineers.
Other Details
- Location: Occasional on-site presence required; must be within commutable distance.