ForgeRock Identity Engineer / Architect

Qode

$100K — $130K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4+ years hands-on experience with ForgeRock Access Manager (AM)
  • Strong SAML 2.0 skills with ability to debug raw assertions
  • Proficient in OIDC/OAuth 2.0 protocols
  • Experience with ForgeRock REST APIs and scripted nodes
  • Knowledge of keystore/X.509 management and secrets management (AWS/Vault)
  • Solid coding background in Java/Groovy, including CI/CD and API testing

Responsibilities

  • Design a multi-tenant ForgeRock AM federation architecture
  • Build REST APIs to manage the SAML SP connection lifecycle
  • Implement SAML/OIDC flows and manage secure sessions
  • Develop and automate scripted authentication and certificate lifecycle
  • Enable break-glass fallback and ensure system high availability
  • Migrate manual SP connections to an automated framework

Benefits

  • Opportunity to define identity architecture for numerous future customers
  • Ownership of critical architectural decisions and automation processes
  • Engagement in solving complex, real-world federation challenges
  • Hands-on role with significant coding and design responsibilities
  • Work within a high-impact, collaborative development pod

Full Job Description
Role: ForgeRock Identity Engineer / Architect

Location: VA, NJ, TX, Atlanta, Colorado, Tampa

About the Role

Join a high-impact POD building a self-service federated SSO platform. You'll be the hands-on ForgeRock expert designing and engineering a scalable identity broker that integrates with Okta, Microsoft Entra ID, PingIdentity, and more. This is a build-from-scratch, code-heavy role, not an admin/config one.

Key Responsibilities

  • Design multi-tenant ForgeRock AM federation architecture
  • Build REST APIs for programmatic SAML SP connection lifecycle (create/validate/activate)
  • Implement SAML/OIDC flows, assertion validation, and secure session management across apps
  • Develop scripted authentication (Groovy/JS) and automate certificate lifecycle (monitoring & rotation)
  • Enable break-glass fallback, ensure high availability, and prepare SCIM-ready architecture
  • Migrate existing manual SP connections to automated framework

Must Have

  • 4+ years hands-on ForgeRock Access Manager (AM)
  • Strong SAML 2.0 (debugging raw assertions), OIDC/OAuth 2.0
  • Experience with ForgeRock REST APIs, scripted nodes, and keystore/X.509 management
  • API design & integrations, LDAP, secrets management (AWS/Vault)
  • Coding: Java/Groovy + CI/CD, API testing, SAML debugging tools

Nice to Have

  • ForgeRock IDM, SCIM 2.0, cloud (AWS/Azure/GCP)
  • Experience with Okta / Entra / Ping as IDP
  • Migration of manual SP setups to programmatic model
Why This Role?

You'll define the identity architecture powering hundreds of future customers, owning critical decisions, building automation, and solving complex, real-world federation challenges.
