Senior Specialist, Lead Zero Trust Identity Security Engineering

Key Responsibilities

Identity Platform Engineering & Leadership

• Serve as technical lead for workforce identity platforms, with Okta as the primary IdP and integrations to complementary platforms (e.g., Ping/Entra Identity).
• Own end-to-end identity architecture, including authentication flows, federation, directory integrations, and token issuance.
• Lead design reviews and decisions for IdP resiliency, failover, and supplier-risk mitigation strategies.
• Document existing and new architecture and act as a hands-on engineer while also setting technical direction, patterns, and standards.
• Strong communication, influence, and stakeholder-management skills, with the ability to distill complex identity and security architectures into clear and concise messaging

• Design and troubleshoot identity flows using OAuth 2.0 / OIDC SAML 2.0 SCIM JWT / token-based auth
• Ensure token parity, claim consistency, and issuer abstraction across identity providers to minimize application impact.
• Partner with application teams to enable modern authentication without app re-architecture.

• Engineer and maintain directory integrations across Active Directory, Okta UD, and cloud directories (e.g., Ping Directory).
• Design attribute models, lifecycle management, and group strategies at enterprise scale (thousands of groups, large population sizes).
• Support directory deployments in cloud-native environments (AWS/GCP, containers, Kubernetes).

• Build and operate identity infrastructure in AWS/GCP/Azure, using: Infrastructure & Policy as Code (Terraform / CloudFormation) Kubernetes & containerized identity services
• Automate provisioning, deployment, monitoring, and drift detection for identity platforms.
• Support SRE-style operational maturity: SLIs/SLOs, alerting, incident response, and runbooks for identity services.

• Design identity controls aligned to Zero Trust principles and enterprise security policies.
• Partner with CSOC, audit, and risk teams on: Control validation Incident response Regulatory and audit requirements (SOX, SOC, internal controls)
• Contribute to risk assessments related to supplier dependency, SPOFs, and identity outages.

• Work closely with security architecture, infrastructure, application engineering, IAM operations, and vendors.
• Influence roadmap decisions through clear technical reasoning and executive-ready communication.
• Mentor senior and mid-level engineers and raise overall identity engineering maturity.

• Undergraduate degree in a related field or the equivalent combination of training and experience.
• 12+ years of experience in Identity & Access Management engineering.
• Skilled in using DevOps tools and experience in Policy as code.
• Deep hands-on expertise with Okta (Workforce Identity, MFA, SSO, policies, lifecycle).
• Strong working knowledge of Ping Identity products (PingFederate, PingOne, Ping Directory) or equivalent platforms.
• Expert understanding of identity standards: OAuth 2.0, OIDC, SAML Federation and token-based security
• Proven experience with directory services & LDAP (AD, cloud directories).
• Experience building identity platforms in AWS/GCP, including containerized/Kubernetes deployments.
• Strong troubleshooting skills for complex authentication and federation failures.
• Ability to operate in high-visibility, high-impact environments.