Lead, mentor, and develop the SSO Engineering team, fostering a culture of technical excellence, accountability, and continuous learning.
Own end‑to‑end design, implementation, and support of enterprise SSO services, including SAML, OAuth, OIDC, MFA, RADIUS, and application federation patterns.
Oversee migration initiatives transitioning legacy platforms (e.g., IBM TFIM/WebSEAL, App Proxy) to modern architectures leveraging Azure Entra ID, PingFederate, PingDirectory, and PingOne.
Establish reusable templates, standards, and patterns for integrating new applications into SSO platforms and improving onboarding efficiency.
Partner closely with Cybersecurity, Azure Engineering, CIAM teams, and application owners to align identity solutions with regulatory, security, and Zero Trust requirements.
Direct troubleshooting and resolution of complex authentication issues across multi‑environment architectures.
Drive automation and modernization initiatives (e.g., Power Automate/Logic Apps, infrastructure improvements, federation onboarding workflows).
Ensure compliance with enterprise controls, audit standards, and change management procedures.
Perform other leadership and technical responsibilities as assigned.
Requirements
Bachelor's Degree or 4+ additional years of equivalent experience
10+ years of related experience in Identity & Access Management or Information Security
3-5+ years of hands-on experience with Ping Identity technologies (PingFederate, PingAccess, PingDirectory, PingOne MFA)
3+ years of experience integrating SSO and MFA solutions with enterprise applications using SAML, OAuth, and OIDC
3+ years of experience managing or leading technical engineering teams
Strong understanding of workforce authentication flows, federation patterns, and identity lifecycle processes
Practical experience troubleshooting complex authentication failures in highly regulated or enterprise environments
Experience with Azure AD/Entra ID, Conditional Access, App Registrations, and hybrid identity models
Familiarity with PingOne DaVinci, PingAuthorize, or orchestration frameworks
Experience with CI/CD pipelines, automation, and infrastructure‑as‑code (e.g., Terraform)
Knowledge of RADIUS authentication flows, NPS integrations, and MFA extensions
Strong scripting or development skills (PowerShell, Python, Java, .NET)
Experience supporting environments undergoing modernization or legacy identity decommissioning initiatives
Relevant certifications such as Ping Identity, CISSP, CISM, or equivalent