Job Details

Advisor Application Designer & IAM Engineer

We are seeking a highly skilled Advisor Application Designer & IAM Engineer to lead the architecture, implementation, and management of our identity ecosystems. This is a versatile role requiring deep expertise across the "Big Three" of identity: Okta, ForgeRock, and Ping Identity.

As an IAM Engineer, you will be the bridge between complex security protocols and seamless user experiences. You will design secure authentication pathways, automate identity lifecycles, and ensure our cloud and on-premise environments remain fortified and compliant.

What You Will Do

• Platform Management: Implement and optimize Okta (SSO, MFA, Workflows), ForgeRock (OpenAM, OpenIDM, OpenDJ, OpenIG), and Ping Identity (PingFederate, PingAccess, PingDirectory).
• Identity Architecture: Leverage OAuth, SAML, OpenID Connect, and Kerberos to secure user authentication and authorization across domains.
• Automation & Customization: Utilize Java, Python, JavaScript, Groovy, and PowerShell to build integrations and streamline IAM workflows.
• Cloud & Hybrid Integration: Securely integrate IAM platforms with AWS cloud, SaaS applications, and legacy on-premises systems.
• Modern Deployment: Use Jenkins, Kubernetes, Docker, and Terraform to manage deployments and infrastructure-as-code.
• Security & Compliance: Maintain rigorous standards including SSL/TLS, PKI, and encryption, while ensuring alignment with GDPR, HIPAA, and SOC2 regulations.

What You Will Bring

• Technical Versatility: Proven experience managing identities in hybrid and cloud environments using RESTful APIs and federation principles.
• DevOps Mindset: Familiarity with CI/CD pipelines and containerization for IAM scaling.
• Problem-Solving: Strong analytical skills to troubleshoot complex authentication issues and system vulnerabilities.
• Communication: Ability to translate high-level technical concepts for non-technical stakeholders and collaborate across cross-functional teams.
• Certifications (Highly Preferred): Okta Certified Professional, ForgeRock Identity Management Specialist, or Ping Identity Certified Professional.

Additional Details

• Location Policy:
  • Local Candidates: Those in the Sacramento/Roseville area are required to be in-office 23 days per week.
  • Non-Local/Out-of-State: 100% remote eligibility for candidates outside a commutable distance within California or residing in other US states.