Key skills
AWSAzureCloudGoogle Cloud PlatformKubernetesGCPGoogle CloudOAuthJWTOktaSAMLLDAPActive DirectorySSOZero Trust
About this role
Role Overview
- Serve as technical lead for workforce identity platforms, with Okta as the primary IdP and integrations to complementary platforms.
- Own end‑to‑end identity architecture, including authentication flows, federation, directory integrations, and token issuance.
- Lead design reviews and decisions for IdP resiliency, failover, and supplier‑risk mitigation strategies.
- Document existing and new architecture and act as a hands‑on engineer while also setting technical direction, patterns, and standards.
- Design and troubleshoot identity flows using OAuth 2.0 / OIDC SAML 2.0 SCIM JWT / token‑based auth.
- Ensure token parity, claim consistency, and issuer abstraction across identity providers to minimize application impact.
- Partner with application teams to enable modern authentication without app re‑architecture.
- Engineer and maintain directory integrations across Active Directory, Okta UD, and cloud directories.
- Design attribute models, lifecycle management, and group strategies at enterprise scale.
- Support directory deployments in cloud‑native environments (AWS/GCP, containers, Kubernetes).
- Build and operate identity infrastructure in AWS/GCP/Azure.
- Automate provisioning, deployment, monitoring, and drift detection for identity platforms.
- Design identity controls aligned to Zero Trust principles and enterprise security policies.
Requirements
- Undergraduate degree in a related field or the equivalent combination of training and experience.
- 12+ years of experience in Identity & Access Management engineering.
- Skilled in using DevOps tools and experience in Policy as code.
- Deep hands-on expertise with Okta (Workforce Identity, MFA, SSO, policies, lifecycle).
- Strong working knowledge of Ping Identity products (PingFederate, PingOne, Ping Directory) or equivalent platforms.
- Expert understanding of identity standards: OAuth 2.0, OIDC, SAML Federation and token-based security.
- Proven experience with directory services & LDAP (AD, cloud directories).
- Experience building identity platforms in AWS/GCP, including containerized/Kubernetes deployments.
- Strong troubleshooting skills for complex authentication and federation failures.
- Ability to operate in high-visibility, high-impact environments.
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
- Kubernetes
Benefits
- Visa sponsorship