Identity and Access Management Engineer


Job Description


Immediate hiring!!

**Role: Ping Identity/Administrator**

**Location: Frisco, TX, Overland Park, KS (Onsite)**

**Duration: Long Term Contract**

**ONLY H1B**

Please find the JD for the role:

Key Responsibilities:

* Manage and maintain PingFederate instances across on-premises and cloud environments, ensuring optimal performance and uptime.
* Design and implement secure Single Sign-On (SSO) solutions using SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC).
* Develop and administer authentication policies, identity mappings, and token processors/issuers.
* Integrate internal, third-party, and SaaS/cloud applications into PingFederate for federated authentication.
* Collaborate closely with PingAccess, PingDirectory, and PingOne teams to deliver cohesive identity solutions.
* Build and maintain reusable connection templates, token validators, and assertion creation rules.
* Support developers and architects with secure API authentication strategies using token-based models.
* Troubleshoot and resolve SSO and federation issues, including debugging SAML assertions and OIDC tokens.
* Maintain accurate and version-controlled documentation, runbooks, and configuration artifacts.
* Provide expert guidance and support during system migrations, upgrades, and disaster recovery scenarios.
* Ensure alignment with enterprise security standards, audit requirements, and industry best practices.

Required Skills:

* 3–5+ years of hands-on experience in Identity and Access Management (IAM), with a focus on PingFederate.
* Strong command of identity federation and authentication protocols:
  * SAML 2.0, OAuth 2.0, OpenID Connect (OIDC)
* Proficient in configuring and managing:
  * Service Provider (SP) and Identity Provider (IdP) connections
  * Authentication policies and adapter instances
  * Token issuance, validation, and attribute mapping
* Skilled in Groovy scripting, JSON, XML, PowerShell, and access policy configuration.
* Experience using diagnostic tools such as SAML Tracer, Fiddler, Postman, etc.
* Familiarity with Active Directory, LDAP, SCIM, and general directory services.
* Strong understanding of secure authentication practices and token lifecycle management.
* Comfortable working in Linux/Unix environments using CLI tools.

Preferred Qualifications:

* Experience with related Ping products: PingAccess, PingDirectory, or PingOne Advanced Services.
* Familiarity with DevOps tools such as Git, Jenkins, and Docker; exposure to CI/CD workflows.
* Knowledge of Zero Trust principles and passwordless authentication standards (e.g., FIDO2/WebAuthn).
* Previous integration experience with enterprise platforms like Salesforce, AWS, ServiceNow, Workday, etc.
* Basic understanding of other identity platforms such as Azure AD, Okta, or ForgeRock.

Please share resume at Crystal@americanunit.com
