IAM Infrastructure Platform Engineer - Jersey City / Houston TX (Onsite)

Hi,

Hope you are doing well.

This is Rahul from ICS Global Soft. Kindly find the below job description and let me know your availability.

Role: IAM Infrastructure Platform Engineer

Location: Jersey City / Houston TX (Onsite)

Duration: Long term

Must have: Java + Go, Python, IaC ownership, ForgeRock / IAM production, Jenkins + Spinnaker, C4 + architecture docs,

Role Identity:

Profile A is the infrastructure foundation hire. This person owns the Terraform architecture, the CI/CD platform, and the IAM infrastructure layer. They write production Java and Go. They design systems using the C4 model and can present those designs to a room of non-engineers without losing the technical precision that makes the design trustworthy.

They have operated ForgeRock or an equivalent enterprise IAM platform in production. They know what breaks, why it breaks, and how to build around it.

If you have one hire to make, this is the profile to fill first.

Must-Have Requirements:

Every item in this section is a hard filter. Candidates who cannot demonstrate all of these should not be submitted.

IAM & ForgeRock Domain

• Has shipped production IAM systems using ForgeRock Identity Platform, PingFederate, Okta, or Keycloak at enterprise scale
• Understands federation protocols at an implementation level — SAML 2.0, OAuth 2.0, OpenID Connect, SCIM — not just conceptually but as things they have debugged and extended in production
• Has designed or contributed to identity architecture across multiple application integrations — SSO, MFA, delegated administration, policy-based access control
• Can articulate failure modes in IAM systems: token expiry edge cases, session management at scale, directory sync failures, and their mitigations

Infrastructure & IaC

• Has designed and owned layered Terraform module architectures — not just written modules, but defined the pattern, enforced it across teams, and migrated existing infrastructure into it
• Has worked with Terraform Enterprise (TFE) including workspace management, Sentinel policy compliance, and remote state strategies
• Multi-account, multi-region AWS — has personally dealt with state isolation, blast radius management, and cross-account IAM trust relationships
• Has operated inside constrained IaC environments — internal registries, policy engines, no direct resource creation — and delivered inside those constraints

CI/CD

• Has built or maintained Jenkins pipelines that other teams depend on — not just used Jenkins, but designed the pipeline architecture
• Has worked with Spinnaker at the integration level — pipeline templates, TFE API triggers, multi-stage deployment orchestration
• Understands the Bitbucket → Jenkins → Spinnaker → TFE trigger chain or a direct equivalent at the configuration level

Languages

• Java — production-quality. Has written backend services, not just scripts. Spring Boot or Spring Cloud experience strongly preferred given existing codebase context.
• Go — working production level minimum. Can read, debug, extend, and contribute to Go services without requiring a Go specialist alongside them.
• Python — scripting and automation level minimum.

Architecture & Communication

• Has produced C4 model architecture diagrams as a primary design artifact — not as a documentation afterthought but as the tool they use to think
• Has presented technical designs to non-engineering stakeholders and held the room — not just read slides but fielded questions and defended decisions
• Can write an Architecture Decision Record (ADR) that a new engineer would use to understand why a system is built the way it is

Professional Operating Standards

• Has delivered complex work without hand-holding — owns problems from assignment to delivery, proposes solutions rather than waiting for direction
• Has pushed back on technical decisions above them and done so in a way that was heard — not by being difficult, but by being clear and right
• Has navigated internal bureaucracy and approval processes to ship inside a large enterprise — knows how to work the system without being stopped by it

Thanks & Regards,

RAHUL

Technical Recruiter

E-mail:

Linkdin: