Senior Identity Services Engineer

Position Summary

Operates and maintains the Information Security team s portfolio of Identity products. Responsible for application integration, implementation of access control systems, data analytics, report generation, incident investigation/remediation, server administration, and team leadership. Performs extensive operational and strategic level duties with the ability to serves in an architectural capacity, providing the appropriate information and planning required for new technology and policy deployments.

Essential Job Duties

• Essential Job Duties
• Design, implement, and support enterprise SSO solutions (e.g., PingFederate, Azure AD, Okta)
• Maintain and enhance access management platforms and federation infrastructure
• Lead application integrations into existing SSO frameworks using SAML, OAuth2, and OIDC
• Implement and support Role-Based Access Control (RBAC) and modern authentication methods
• Support and improve authentication strategies across the organization
• Collaborate with information security, app owners, and infrastructure teams to deliver secure identity solutions
• Troubleshoot complex authentication and federation issues across multiple environments
• Participate in IAM roadmap planning and contribute to architectural decisions
• Provide mentorship and technical guidance to IAM engineers
• Support governance efforts related to authentication, authorization, and access control standards

May require occasional on-site presence; therefore, should live within a commutable distance. No relocation assistance available.

Preferred Qualifications

• Hands-on experience with the Ping Identity platform, particularly:

• PingFederate, PingOne, PingID, PingDirectory

• Experience with MFA and Passwordless/FIDO2/WebAuthn authentication strategies
• Experience building and configuring enterprise SSO applications in Azure AD / Entra ID
• Exposure to IAM orchestration platforms such as PingOne DaVinci or similar tools
• Experience supporting cloud identity integrations (Azure, AWS, Google Cloud Platform)
• Familiarity with enterprise SSO in hybrid environments (on-prem and cloud-based apps)

• Strong documentation and communication skills
• Comfortable collaborating across technical and non-technical teams
• Ability to lead projects and mentor junior engineers

Required Qualifications

• 5+ years of Identity & Access Management experience with a strong focus on SSO and federation
• Deep technical knowledge of:

• PingFederate, Azure AD, Okta, ADFS
• Federation protocols including SAML, OIDC, and OAuth2
• LDAP, Active Directory, SCIM

• Proficiency in scripting and development with PowerShell, Python, and Java
• Experience working with REST APIs for IAM services; familiarity with Postman or similar tools
• Familiarity with OGNL expression language for customizing PingFederate policies
• Front-end UX design and customization using HTML, CSS, and JavaScript
• Basic Linux administration skills for maintaining and managing IAM infrastructure
• Working knowledge of certificates and PKI (X.509, certificate chains, signing, encryption, keystore management)
• Strong troubleshooting and debugging skills across application, identity, and network layersx
• Understanding of modern identity concepts such as Zero Trust, adaptive authentication (risk-based, device/user signals), and conditional access