Senior CIAM Architect
New York City, New York, United States of America
Full Time
1 day ago
No Visa Sponsorship
Key skills
AWSCloudDNSJenkinsLinuxTerraformIAMOAuthJWTSAMLLDAPSSOGitCI/CDLeadershipFirewall
About this role
Role Overview
- Lead the architecture, design, implementation, and support of enterprise CIAM solutions using Ping Identity products.
- Own end-to-end solution design for customer authentication, federation, authorization, and directory integration use cases.
- Design scalable and secure authentication platforms capable of supporting large user populations and high transaction volumes.
- Implement and optimize SSO, MFA, OAuth, OIDC, and federation flows for enterprise and customer-facing applications.
- Drive integration with downstream applications, identity providers, APIs, directories, and security infrastructure.
- Lead production issue resolution for complex authentication, federation, token, certificate, and directory-related problems.
- Collaborate with infrastructure, network, security, application, and DevOps teams to ensure resilient and secure identity services.
- Define engineering standards, deployment patterns, operational runbooks, and best practices for CIAM platform support.
- Provide technical leadership to engineering teams, review solution designs, and mentor junior team members.
- Support modernization initiatives including cloud adoption, automation, and observability for identity platforms.
Requirements
- 15+ years in IAM/CIAM domain
- 8+ years working with Ping Identity products
- Strong hands-on experience with:
- PingFederate
- PingDirectory
- PingAccess
- PingOne
- Experience supporting enterprise-scale customer authentication platforms (10M+ users preferred) With Banking customer would be an added advantage.
- 15+ years of experience in Identity and Access Management (IAM) / Customer Identity and Access Management (CIAM).
- 8+ years of strong hands-on experience with Ping Identity product suite, especially PingFederate, PingDirectory, PingAccess, and PingOne.
- Proven experience designing and supporting enterprise-scale customer authentication platforms; experience with 10M+ user environments is strongly preferred.
- Strong expertise in authentication and federation standards including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and JWT technologies.
- Deep hands-on expertise in PingFederate administration, SSO integrations, token exchange, authentication policies, selectors, adapters, and OAuth/OIDC troubleshooting.
- Experience with PingDirectory administration, LDAP integrations, directory operations, replication, performance tuning, and troubleshooting.
- Good understanding of PingAccess for application access control, policy enforcement, and secure application integration.
- Strong hands-on experience with SSL/TLS certificates, certificate renewals, keystore and truststore management, JKS/PKCS12 handling, CSR generation, CA chains, and mutual TLS.
- Solid knowledge of Linux administration, networking fundamentals, DNS, load balancers, reverse proxies, and firewall concepts.
- Experience working in cloud environments, preferably AWS.
- Hands-on exposure to CI/CD pipelines, Git, Jenkins, Terraform, and monitoring or observability tooling.
- Strong troubleshooting skills across federation, OAuth, token validation, LDAP connectivity, directory replication, certificate chain issues, latency, routing, and production incidents.
Tech Stack
- AWS
- Cloud
- DNS
- Jenkins
- Linux
- Terraform