Identity Access Management Engineer III

Ultimate Software is seeking an Identity Access Management Engineer III with the talent, passion, and proven ability to work on an Identity Access Management team to install, configure, and support authentication, provisioning, and identity management systems. The incumbent will work with Identity Architects, Identity Engineers, IT leadership, and security and system engineers across all levels of the organization. Key responsibilities include the integration of single sign-on (SSO) and directory platforms, in-house and cloud applications, with identity access management platforms.

Here at Ultimate Software, we truly put our people first. We strongly believe in teamwork, and we encourage and trust our people to reach higher, learn more, and live up to their potential. Ultimate is ranked #1 on Fortune's "Best Places to Work in Technology" for 2017 and #7 on the "100 Best Companies to Work For" list in 2017. Ultimate is also ranked #1 on Fortune's "100 Best Workplaces for Millennials" for 2017 and #5 on its "50 Best Workplaces for Diversity" list for 2016.

Primary Duties and Responsibilities:

  • Identification of complex business processes, internal controls which mitigate risks, and related opportunities for internal automation.
  • Design, develop, and implement enterprise identity access management platforms.
  • Build integrations; role-based access control and password management tools with existing applications and systems.
  • Work with appropriate resources for maintenance, patching, upgrades, troubleshooting, and future development of every component of all identity access management platforms and tools.
  • Work is primarily performed between 8:30am – 5:30pm, Monday – Friday, with "on-call" as all environments are expected to operate 24x7.
  • Work on projects outside normal working hours.

Required Qualifications:

  • 4+ years software architecture experience in Identity Management and/or other major enterprise systems
  • Experience with large and complex systems having multi-layered architectures
  • Proven ability to provide clear and consistent documentation with attention to detail
  • 5+ years of experience operating enterprise-scale federated identity infrastructures and their lifecycle management
  • Demonstrated experience with SSO/Federation services products such as ADFS, PingFederate, and PingOne
  • Expert knowledge of industry protocol standards such as: LDAP, Kerberos, SAML v1.1 & 2.0, WS-Federation, OAuth, OpenID, SCIM 2.0, JWT, etc.
  • Experience related to user provisioning, access management, access governance/access recertification, federation/single sign-on, and privileged access management
  • Strong hands-on expertise with RBAC and ABAC design and implementation
  • Experience with Active Directory and privileged account management
  • Detailed knowledge of user administration, authentication methods, file permissions, groups, and domain concepts
  • Experience with Groovy and OGNL scripting languages
  • Familiarity with information risk management, compliance tasks and reporting (e.g. risk treatment, audit controls and remediation, vendor risk management, and risk monitoring)
  • Be able to work with application teams and assist in implementing SAML/OAuth integration and tuning services that are reliable and highly available
  • Understanding of the following concepts: high availability, load balancing, firewalls, topology models, performance testing, and functional testing
  • Track and trend metrics for continuous service improvement to include capacity, monitoring, auditing, growth, and maintenance
  • Understanding of associated technologies such as: F5 Big-IP LTM, GTM and PKI, certification authorities, multi-factor authentication
  • Familiarity with industry compliance requirements (such as SOX, etc.)

Preferred Qualifications:

  • Skilled in creating, training, and utilizing reporting tools to support audit requirements
  • Bachelor of Science degree preferred or equivalent work experience

Travel Requirement:

  • May be required to travel up to 5%

This job description has been written to include the general nature of work performed. It is not designed to contain a comprehensive detailed inventory of all duties, responsibilities and qualifications required of employees assigned to this job.
