
Senior IAM Architect
Posted Jun 20

This is a fully remote position, open to applicants in Colorado.
• Oversee the architecture, roadmap, and daily advancement of Ping’s internal IAM practice, which includes WIAM, CIAM, authentication, authorization, federation, lifecycle management, and governance.
• Take charge of the design, implementation, operation, and ongoing enhancement of Ping’s internal identity platforms and their supporting processes, ensuring the environment is secure, functional, and maintainable.
• Serve as the internal authority on Ping’s role model, access model, and identity architecture, making certain that business requirements are converted into scalable technical controls and user-friendly identity services.
• Collaborate with internal product teams to assess, pilot, and integrate new Ping products and acquired capabilities within Ping’s corporate and CIAM settings.
• Work closely with IT, Security, HR, Engineering, Product, and other business stakeholders to define identity requirements, streamline processes, and align IAM capabilities with genuine business needs.
• Lead role engineering initiatives by analyzing business requirements, defining roles and permissions in functional business language, and verifying that system privileges align with approved access models.
• Ensure strong operational execution for SSO, MFA, federation, provisioning, deprovisioning, role assignment, access reviews, and exception management across both internal and customer-facing systems.
• Diagnose complex authentication, authorization, provisioning, and access issues across applications, directories, workflows, and connected systems.
• Enhance and maintain standards, procedures, controls, reporting, and documentation for IAM operations, including validation of actual-state versus desired-state, access reviews, and change governance.
• Maintain a lab and test environment to validate new integrations, prototype new capabilities, and safely trial new Ping products and patterns prior to production deployment.
• Act as Ping’s internal IAM thought leader, offering practical product feedback based on real enterprise use cases from Ping’s WIAM and CIAM environments.
• 8+ years of experience in Identity and Access Management, with significant experience in designing, implementing, and operating both WIAM and CIAM environments.
• Demonstrated experience managing complex IAM platforms from architecture to operations within enterprise environments.
• Experience in building and maintaining DaVinci flows for WIAM and CIAM use cases.
• Strong hands-on experience with Ping Identity products in production settings, including PingOne SSO, PingID, PingOne MFA, PingOne Protect, and PingFederate.
• In-depth expertise with modern identity standards and protocols such as SAML, OAuth, OpenID Connect, SCIM, LDAP, and REST-based integrations.
• Proficiency in troubleshooting authentication, federation, access, and provisioning processes, with the ability to diagnose issues across browsers, applications, logs, and interconnected systems.
• Experience in defining and maintaining roles, permissions, and access models in business terminology while ensuring accurate implementation in technical systems and application authorization frameworks.
• Strong understanding of identity lifecycle processes, including joiner/mover/leaver workflows, access requests, approvals, exception handling, access removal, and periodic review.
• Experience in implementing IAM controls, reporting, and governance processes that enhance auditability, risk management, and operational integrity.
• Familiarity with identity-related infrastructure and supporting technologies, including directory services, PKI/certificates, networking, system administration, and application integrations.
• Excellent written and verbal communication skills, enabling effective collaboration with technical teams, business stakeholders, and leadership.
• Proven ability to work independently, drive change, and create structure in a fast-paced and evolving environment.
• Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related field, or equivalent practical experience.
• Generous PTO & Holiday Schedule
• Parental Leave
• Progressive Healthcare Options
• Retirement Programs
• Opportunity for Education Reimbursement
• Commuter Offset (Specific locations)