IAM Engineer (Ping Identity / LDAP)

Job Title: Ping Identity / LDAP Administrator

Location: Miami, FL (On-Site)

Duration: 6-12 month contract with multiple extensions 

Rate: $60/hr on W2

Job Summary

The Ping Identity / LDAP Administrator is responsible for the design, implementation, maintenance, and support of the Enterprise Identity and Access Management (EIAM, IAM and PAM) infrastructure running on Amazon Web Services (AWS).

Key Responsibilities

1. Architecture & Administration

• Directory Operations: Configure, tune, and maintain LDAP infrastructure (e.g., PingDirectory) hosted on Amazon EC2 or containers, optimizing for replication performance across AWS regions.
• Access Management: Administer PingFederate and PingAccess policies, custom adapters, and federation setups (SAML, OAuth, OIDC) hosted in the Cloud.
• Policy Management: Design and maintain access control policies, authentication schemes, and authorization rules.
• Data Synchronization: Oversee data replication, synchronization, and integrity across multiple directory instances and environments.
• Migration: Lead or support lift-and-shift or refactoring initiatives to migrate legacy LDAP and Ping architectures to AWS.

2. Integration & Support

• SSO Federation: Configure and troubleshoot Single Sign-On (SSO) integrations using protocols such as SAML 2.0, OAuth 2.0, OIDC (OpenID Connect), and WS-Federation.
• Application Onboarding: Partner with internal application teams to integrate custom and third-party SaaS applications into the identity platform.
• API Security: Implement and secure API gateways using PingAccess or similar tools.
• Troubleshooting: Provide technical support for complex identity, authentication, and directory service issues.

3. Security & Compliance

• Cloud Security: Implement AWS security best practices utilizing AWS IAM, Security Groups, VPC ACLs, and AWS Secrets Manager to protect directory data and API keys.
• Audit & Logging: Monitor system logs and audit trails to detect potential security breaches or operational anomalies.
• Certificates: Manage the lifecycle of SSL/TLS and signing certificates used within the IAM infrastructure.

Required Skills & Qualifications

Technical Skills

• Directory Expertise: Deep understanding of LDAP schemas, object classes, attributes, tree structures, and ACIs (Access Control Instructions).
• IAM Tools: Proven hands-on experience with PingFederate, PingDirectory, and PingAccess.
• Protocols: Strong knowledge of federation protocols (SAML, OAuth, OIDC) and network protocols (TCP/IP, DHCP, DNS).
• Scripting: Proficiency in scripting languages (e.g., Python, PowerShell, Bash, or Shell) for automating administrative tasks.
• Operating Systems: Comfortable navigating and administering both Linux/Unix and Windows Server environments.

Soft Skills & Experience

• Experience: 3+ years of dedicated experience in Identity and Access Management with a focus on LDAP and Ping products on Cloud env.
• Problem-Solving: Strong analytical skills to diagnose complex federation and replication issues across disparate networks.
• Collaboration: Ability to work closely with Cloud Architects, DevOps Engineers, and Security teams to enforce enterprise-wide IAM policies.

Preferred Qualifications

• Certifications: Ping Certifications: Ping Identity Certified Professional or Expert.
• Cloud Experience: Experience migrating legacy on-premises LDAP/Ping infrastructures to cloud environments (AWS, Azure, Google Cloud Platform).
• DevOps/CI-CD: Familiarity with containerization (Docker, Kubernetes) and infrastructure as code (Terraform, Ansible) for deploying IAM solutions.