Role Overview
As a ForgeRock Architect, you will own the end-to-end technical strategy, design, and architecture for our enterprise Identity and Access Management (IAM) and Customer Identity (CIAM) ecosystems. You will bridge the gap between business risk and cutting-edge security engineering—leading cloud modernization strategies, defining identity lifecycles, and converting legacy stacks into unified, secure, standards-based identity experiences.
Responsibilities
· Design and lead high-availability (HA), multi-region architectures leveraging the full ForgeRock stack (AM, IDM, DS, IG) and PingOne Advanced Identity Cloud (AIC).
· Architect and implement complex, risk-based user journeys using ForgeRock Intelligent Access Trees, multi-factor authentication (MFA), and adaptive/contextual access control.
· Define enterprise standards for Single Sign-On (SSO), Identity Federation, and Fine-Grained Authorization using OAuth 2.0, OpenID Connect (OIDC), and SAML 2.0.
· Oversee Identity Management (IDM) workflow development, user provisioning, role-based access control (RBAC), and directory schema customization on ForgeRock Directory Services (DS).
· Drive modern deployment strategies using ForgeOps, Kubernetes, Docker, and CI/CD pipelines across public cloud landscapes (AWS, Azure, or Google Cloud Platform).
· Act as the ultimate technical authority for IAM troubleshooting, performance tuning, and database/platform migrations while mentoring a dedicated team of IAM engineers.
Required Skills & Experience
Technical Expertise
· 8+ years in Cybersecurity/IAM, with at least 4 years of dedicated hands-on experience designing and implementing ForgeRock solutions.
· Proficient in configuring and extending ForgeRock Access Management (AM), Identity Management (IDM), Directory Services (DS), and Identity Gateway (IG).
· Mastery of modern federation frameworks: SAML 2.0, OAuth 2.0, OIDC, SCIM, and LDAP.
· Strong experience writing custom authentication nodes and custom workflows in JavaScript, Java, or Groovy.
· Solid grounding in microservices infrastructure (Docker, Kubernetes) and deploying cloud-hosted IAM stacks.
Soft Skills & Leadership
· Proven ability to translate complex security requirements into clear, scannable roadmaps for C-suite Executives and business owners.
· Advanced root-cause analysis skills using enterprise monitoring and logging tools (e.g., Splunk, AppDynamics).
Preferred Qualifications and Certifications
· Experience migrating on-premises ForgeRock legacy workloads to PingOne Advanced Identity Cloud (AIC).
· ForgeRock / Ping Identity Certifications (e.g., ForgeRock Certified Access Management Specialist or Architect).
· Background designing IAM solutions within strictly regulated frameworks (e.g., Open Banking/SCA, HIPAA, GDPR).