SSO Engineer

Design, implement, and maintain CIAM services including Identity Federation, Single Sign-On, and Multi-Factor Authentication using PingFederate, PingOne, and PingDirectory, in alignment with enterprise security, privacy, and compliance standards. Lead migrations from legacy platforms such as IBM TFIM and WebSEAL to Ping Identity solutions, ensuring seamless onboarding and interoperability. Architect and optimize CIAM platforms for performance, scalability, and resilience, supporting environments with millions of identities. Develop reusable patterns and templates for SAML and OIDC integrations, and drive custom API development and third-party integrations. Collaborate with architects, product owners, application teams, and security stakeholders to align with enterprise standards and drive innovation. Troubleshoot and resolve authentication and authorization issues during migration and operational phases. Promote a culture of continuous learning, mentoring, and knowledge sharing within the SSO engineering team. Ensure compliance with industry standards and regulatory requirements in financial or highly regulated environments. Perform other duties as assigned.Required Experience and Skills
Eight or more years of experience in Information Security or Identity Engineering. Five or more years of hands-on experience with Ping Identity products including PingFederate, PingAccess, PingDirectory, and PingOne MFA in on-premises and or cloud environments. Three or more years of experience working with SAML, OAuth, and OpenID Connect protocols. Three or more years of experience integrating SSO and MFA with enterprise applications.Preferred Qualifications
Experience with PingOne DaVinci, PingAuthorize, PingDataSync, or identity orchestration platforms. Familiarity with FDX and FAPI standards. Experience with CI CD pipelines and infrastructure as code tools such as Terraform. Strong scripting or development skills using Java, Python, or .NET Core. Experience working in hybrid cloud environments.