Lead the architecture and design of enterprise IAM solutions, leveraging the Ping Identity suite.
Design and implement a robust RBAC model adaptable across workforce, applications, and platforms, with a clear evolutionary path toward hybrid RBAC/ABAC and Fine-Grained Authorization (FGA).
Define patterns for API security and token-based access (OAuth2, OIDC, JWT).
Partner closely with API Platform teams to establish standardized token validation, scoping, and mediation patterns at the API Gateway tier (e.g., Apigee, Kong).
Architect secure service-identity and M2M authorization models, including Client Credentials flows, service identity lifecycles, and API-to-API trust frameworks.
Ensure all identity patterns align with Zero Trust principles, producing robust architectural artifacts including role hierarchies, token claims strategies, and centralized access policies.
Requirements
Core IAM & Authorization
Hands-on architectural experience with the Ping Identity suite.
Deep understanding of modern identity protocols and token formats: OAuth2, OIDC, SAML, and JWT architecture.
Proven experience designing enterprise-wide RBAC and entitlement models spanning both users and services.
Experience implementing modern authorization patterns (OAuth2 grant types, scopes, and claims-based access).
Solid experience integrating IAM frameworks with API Management and Gateway platforms (Apigee, Kong, or AWS API Gateway) to enforce security at the edge.
Deep experience with the OAuth2 Client Credentials flow, token design, workload identities, and securing service-to-service communication.
Strong enterprise architecture background with a design-first mindset (focusing on systemic patterns rather than just localized implementation).
Proven ability to align large, diverse stakeholder groups (Security, Business Domains, App Teams, and Platform/Infra teams) and articulate complex IAM concepts in business-friendly language.
Comfortable dealing with ambiguity, legacy constraints, and organizational complexity.
Nice to have, but not essential
Experience with Identity Governance & Administration (IGA) tools.
Familiarity with compliance frameworks (SOX, GDPR, ISO).
Knowledge of DevSecOps, infrastructure-as-code (IaC), and IAM automation pipelines.