[Remote] Senior Identity and Access Management Engineer
Note: This is a remote job and is open to candidates in the USA.

Washington Health Benefit Exchange is seeking a Senior Identity and Access Management Engineer to design, develop, and support customer IAM solutions using PingOne IdentityCloud. The role involves managing user lifecycle automation, implementing access controls, and enhancing security through various authentication methods while collaborating with IT, security, and product teams.

Responsibilities

- Design, develop, implement, and support customer IAM solutions utilizing PingOne IdentityCloud, and support transition to Okta where applicable
- Build and maintain automated processes for user lifecycle management, including provisioning, deprovisioning, and role- or attribute-based access controls
- Develop and maintain custom connectors, workflows, APIs, and scripts to integrate IAM systems with enterprise applications
- Integrate web, mobile, and API-based cloud applications with IAM platforms using protocols such as SAML, OAuth, and OIDC
- Implement SSO, adaptive authentication, MFA, and risk-based policies to enhance security and user experience
- Configure and troubleshoot federation and OAuth/OIDC flows, and ensure secure session handling across systems
- Implement and manage workflows for customer registration, login, account recovery, and profile management
- Support migration of CIAM capabilities from PingOne Identity Cloud to Okta, including configuration, testing, validation, troubleshooting, and deployment
- Assist with migration planning, architecture design, and implementation of access and identity flows in Okta
- Ensure IAM architecture and solutions adhere to security, privacy, regulatory, and consumer data protection requirements
- Work closely with IT, Security, and Delivery teams to ensure secure IAM solutions across all cloud systems
- Collaborate with delivery teams, product owners, and scrum masters to integrate IAM features into application releases
- Participate in sprint planning, backlog refinement, and technical design discussions to ensure identity requirements are considered early in development
- Support IAM changes during sprint release cycles, ensuring thorough testing and validation
- Coordinate IAM-related changes with DevOps and change management teams to minimize disruptions during deployments
- Provide guidance to IT and Delivery teams on secure authentication patterns, token usage, and best practices for IAM
- Ensure IAM solutions align with enterprise security policies, identify gaps, and provide progress updates
- Monitor IAM environments for authentication issues, anomalies, and performance bottlenecks
- Document IAM architectures, integrations, and operational procedures
- Execute and manage access recertification campaigns, ensuring timely completion and accurate audit reporting
- Implement and maintain least-privilege and segregation-of-duties controls across IAM systems
- Leverage microservices and API architectures to design, build, and manage IAM functionalities, enabling secure and scalable authentication, authorization, and service access controls
- Serve as the primary technical contact with the Ping Identity support team to address environment-related issues, tenant performance concerns, incidents, and troubleshooting
- Track vendor releases, platform updates, and new capabilities for adoption within the organization
- Coordinate maintenance windows, patch updates, and feature releases with the Change Advisory Board, Delivery Team, and Ping Identity vendor
- Validate vendor fixes in lower environments before production rollout
- Monitor authentication health, login trends, and token issuance metrics
- Perform root cause analysis for authentication and authorization incidents
- Assist in investigations of security incidents involving identity compromise
- Maintain detailed logging and audit trails aligned with regulatory requirements
- Monitor IAM logs and integrate events with SIEM platforms to support security monitoring and incident response
- Support audit activities by providing technical guidance and documentation, and act as a liaison for internal and external audit reviews as needed
- Develop automation scripts (e.g., Python, Java, or similar) to streamline IAM processes
- Leverage PingOne REST APIs for configuration management tasks
- Support CI/CD deployment of IAM configurations
- Support infrastructure-as-code initiatives where applicable
- Assist the IAM Lead and Information Security Manager (ISM) in reviewing IAM capabilities and defining a roadmap for IAM enhancements
- Support the development and implementation of information security awareness and training initiatives
- Stay current on industry trends, emerging threats, and relevant technologies, and communicate key insights to the IAM Lead and ISM
- Provide regular briefings to the IAM Lead and ISM, escalating issues and blockers as necessary
- Perform other duties as assigned within the scope of IAM

Skills

- Minimum of seven (7) years of experience in Customer Identity and Access Management (CIAM) implementation and support, with a minimum of three (3) years within that experience focused on implementing and supporting CIAM solutions using PingOne Identity Cloud
- Hands-on experience with Okta including SSO, MFA, federation, application integrations, and identity lifecycle management
- Experience with IAM migration projects
- Hands-on experience implementing authentication and authorization protocols including OAuth, OIDC, and SAML
- Experience integrating web, mobile, and API applications with IAM platforms using token-based authentication mechanisms
- Experience in implementing SSO, MFA, federation, and identity lifecycle management
- Familiarity with customer registration, authentication journeys, and identity flows in CIAM platforms
- Hands-on software development or scripting experience using languages such as Java, JavaScript, Python, or similar
- Demonstrated knowledge of IAM best practices, including risk-based authentication and consumer data protection strategies
- Experience supporting IRS/CMS or other relevant audits in the context of IAM
- Experience working in Agile/Scrum environments, collaborating with product owners, scrum masters, and development teams during sprint cycles
- Familiarity with DevOps processes, change management, and release coordination to support secure and stable deployments
- Understanding of secure authentication patterns, token lifecycle management, and identity integration best practices
- Experience working with enterprise security policies, identity governance practices, and compliance requirements
- Demonstrated communication and collaboration skills with the ability to provide technical guidance to IT, delivery teams, and developers on secure IAM integration
- Minimum of seven (7) years of experience in IAM, including work with Customer Identity and Access Management (CIAM) platforms
- Experience working with REST API integrations for IAM services
- Knowledge of integrating IAM systems with API gateways and backend services to ensure secure access control
- Experience managing IAM platform configuration changes and automated deployments across development, staging, and production environments
- Experience integrating IAM platforms with SIEM or security monitoring tools for authentication and identity event monitoring
- Experienced in creating comprehensive reports and dashboards to communicate findings, track remediation progress, and provide visibility to management and relevant teams
- Experience participating in sprint planning, backlog refinement, and technical design discussions to integrate identity and authentication requirements into application development
- Motivated self-starter with initiative to take independent action and accept responsibility for your actions
- Excellent understanding of emerging threats in the IAM landscape
- Hands-on experience with CI/CD pipelines for IAM configuration deployments, including tools such as Jenkins
- Experience using source control and deployment workflows with GitHub for managing IAM configuration scripts or integration code
- Familiarity with DevOps practices and infrastructure automation supporting IAM or CIAM platform changes
- Experience troubleshooting authentication failures, federation issues, token validation issues, and identity integrations
- Demonstrates strong interpersonal and collaboration skills, effectively partnering with internal management, staff, and cross-functional teams as well as external partners and vendors
- Ability to prioritize identified gaps and collaborate with cross-functional teams to ensure timely remediation and effective risk mitigation
- Demonstrates a proactive approach by consistently identifying potential blockers and communicating them early, while maintaining a solutions-focused mindset to facilitate continued progress
- Creative and proactive problem solver; must possess the ability to make independent decisions, set work priorities, and address issues promptly
- Experience in developing, reviewing, and updating security standards, procedures, awareness, and training
- Demonstrated knowledge of secure software development lifecycle (SDLC) and secure architecture design principles

Company Overview

Washington Health Benefit Exchange is an online marketplace that will help to find, compare, and enroll in health and dental insurance coverage. It was founded in 2011 and is headquartered in Olympia, Washington, USA, with a workforce of 51-200 employees. Its website is https://www.wahbexchange.org/.