Ping Identity SSO Solutions Engineer - Cloud Migration

Role Overview

Join the IAM organization of a major global financial institution to lead a large-scale migration from on-prem PingFederate/PingAccess to a cloud-first architecture across AWS, Azure (Entra ID), and Google Cloud Platform. You'll be hands-on with policy design, application onboarding, federation, MFA/step-up, and zero-downtime cutovers, partnering closely with the Lead SSO Architect to turn patterns into reliable, repeatable deployments. This is a Ping-first environment with a clear roadmap and high impact at enterprise scale.

Impact & Value

• Enable secure, low-friction authentication for millions of users during a marquee cloud transformation.
• Build deep experience in multi-cloud federation and identity orchestration with Ping.
• Ship changes safely and on schedule in a high-visibility, production-grade environment.

Key Responsibilities

Identity & Federation

• Configure and onboard apps to PingFederate/PingAccess, implementing SAML/OIDC/OAuth connections, attribute/claim mapping, and certificate/key rotation.
• Design and maintain SSO policies, including MFA/step-up (PingID/PingOne MFA) and risk-based authentication that preserve user experience during hybrid cloud phases.
• Stand up and support federation to AWS, Azure (Entra ID), and Google Cloud Platform-manage metadata, audiences/issuers, and role/permission mappings.

Provisioning & Directory

• Implement SCIM/PingIDM provisioning/deprovisioning workflows for Cloud IAM targets; troubleshoot sync issues and reconcile entitlements.
• Integrate with Active Directory/LDAP and contribute to PingDirectory usage patterns.

Migration Execution & Reliability

• Execute migration runbooks: pre-prod validation, canary/blue-green cutovers, rollback plans, and post-cutover hardening.
• Operate and improve Git-based CI/CD pipelines for Ping configurations and secrets; contribute integration/regression/performance tests for auth flows.
• Monitor and triage production via headers/logs/telemetry (latency, token issuance errors, auth success rates); reduce MTTR with clean fixes.

Engineering & Delivery

• Contribute to story refinement and acceptance criteria; work across teams (app owners, security, infra, compliance) to deliver system requirements.
• Define and improve deployment pipelines, environment standards, and quality controls; identify and close gaps in environment management.
• Document and communicate deployment, maintenance, support, and business functionality; maintain operational runbooks and audit/control evidence.

Required Qualifications

Experience:

• 5+ years focused in IAM/SSO engineering within large enterprises.
• Ping Expertise: PingFederate, PingAccess & PingDirectory
• Protocols & Standards: OAuth 2.0, OpenID Connect, SAML, SCIM, LDAP; familiarity with FIDO, risk-based auth, and MFA (PingID/PingOne).
• Cloud Federation: Direct experience federating AWS, Azure/Entra ID, Google Cloud Platform and supporting production.
• Provisioning: PingIDM/SCIM identity sync to Cloud IAM targets.
• Development & Scripting: Proficiency in Shell, Python, PowerShell; Java/J2EE experience for custom adapters/integration.
• Platforms & Web: Comfortable with Linux/Windows, Tomcat, WebLogic, IBM WebSphere; web techs HTML, XML, XSL/XSLT, XPath, JavaScript.
• APIs: Understanding of RESTful services, API design, and modern app interaction patterns.
• Delivery Tooling: Git-based CI/CD, secrets management, and test automation.
• Troubleshooting: Strong ability to diagnose protocol/header issues, token errors, policy misconfigurations, and directory sync problems.
• Soft Skills: Clear communication, cross-functional collaboration, and leadership-influence without direct reports.

Preferred / Nice-to-Have

• PingIDM workflow customization and custom adapters (Java preferred; willingness to pair with developers).
• Hands-on with HA/DR, blue/green deploys, and observability stacks for auth services.
• Prior enterprise hybrid cloud migration execution.
• Holistic IAM view across authentication/authorization data, endpoint security, network security, and policy engines.
• Experience deploying large-scale, global programs in regulated environments; familiarity with IT security & risk practices.
• Knowledge of privileged access management.

We reserve the right to pay above or below the posted wage based on factors unrelated to sex, race, or any other protected classification.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. This temporary role may be eligible for the following:

• Medical, dental & vision
• 401(k)/Roth
• Insurance (Basic/Supplemental Life & AD&D)
• Short and long-term disability
• Health & Dependent Care Spending Accounts (HSA & DCFSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)

Job Type & Location
This is a Contract to Hire position based out of Denver, CO.
Pay and Benefits
The pay range for this position is $60.00 - $78.00/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: Medical, dental & vision Critical Illness, Accident, and Hospital 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available Life Insurance (Voluntary Life & AD&D for the employee and dependents) Short and long-term disability Health Spending Account (HSA) Transportation benefits Employee Assistance Program Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a fully onsite position in Denver,CO.
Application Deadline
This position is anticipated to close on Mar 25, 2026.
>About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

About TEKsystems and TEKsystems Global Services

We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.