Job Description

OPEN JOB: Senior Identity Services Engineer / PingFederate, Azure AD, Okta
LOCATION: New York City, New York
**The role is primarily remote, but will require occasional on-site presence; therefore, candidate should live within a commutable distance to Manhattan
SALARY: $97,000 to $145,000
Full-time
Full Benefits

Essential Job Duties

• Design, implement, and support enterprise SSO solutions (e.g., PingFederate, Azure AD, Okta)
• Maintain and enhance access management platforms and federation infrastructure
• Lead application integrations into existing SSO frameworks using SAML, OAuth2, and OIDC
• Implement and support Role-Based Access Control (RBAC) and modern authentication methods
• Support and improve authentication strategies across the organization
• Collaborate with information security, app owners, and infrastructure teams to deliver secure identity solutions
• Troubleshoot complex authentication and federation issues across multiple environments
• Participate in IAM roadmap planning and contribute to architectural decisions
• Provide mentorship and technical guidance to IAM engineers
• Support governance efforts related to authentication, authorization, and access control standards

Required Qualifications

• 5+ years of Identity & Access Management experience with a strong focus on SSO and federation
• Deep technical knowledge of:
  • PingFederate, Azure AD, Okta, ADFS
  • Federation protocols including SAML, OIDC, and OAuth2
  • LDAP, Active Directory, SCIM
• Proficiency in scripting and development with PowerShell, Python, and Java
• Experience working with REST APIs for IAM services; familiarity with Postman or similar tools
• Familiarity with OGNL expression language for customizing PingFederate policies
• Front-end UX design and customization using HTML, CSS, and JavaScript
• Basic Linux administration skills for maintaining and managing IAM infrastructure
• Working knowledge of certificates and PKI (X.509, certificate chains, signing, encryption, keystore management)
• Strong troubleshooting and debugging skills across application, identity, and network layersx
• Understanding of modern identity concepts such as Zero Trust, adaptive authentication (risk-based, device/user signals), and conditional access

Preferred Qualifications

• Hands-on experience with the Ping Identity platform, particularly:
  • PingFederate, PingOne, PingID, PingDirectory
• Experience with MFA and Passwordless/FIDO2/WebAuthn authentication strategies
• Experience building and configuring enterprise SSO applications in Azure AD / Entra ID
• Exposure to IAM orchestration platforms such as PingOne DaVinci or similar tools
• Experience supporting cloud identity integrations (Azure, AWS, GCP)
• Familiarity with enterprise SSO in hybrid environments (on-prem and cloud-based apps)

• Strong documentation and communication skills
• Comfortable collaborating across technical and non-technical teams
• Ability to lead projects and mentor junior engineers

If you are interested in pursuing this opportunity, please respond back and include the following:

• Full MS WORD Resume
• Required compensation
• Contact information
• Availability
  

Upon receipt, one of our managers will contact you to discuss in full

JASON DENMARK
Recruiting Manager
INTERMEDIA GROUP, INC.
EMAIL:  jdenmark@intermediagroup.com
LINKEDIN: 

Job Tags

Full time, Remote work,

Similar Jobs