Senior CIAM Architect (15+ Years)We are seeking a highly experienced Senior CIAM Architect with deep expertise in Ping Identity technologies to lead the design, engineering, integration, and support of enterprise-scale customer identity and access management platforms. This role requires strong hands-on experience across federation, authentication, directory services, security, PKI, infrastructure, and automation, with the ability to drive architecture decisions and resolve complex production issues in high-scale environments.
Role SummaryMandatory Experience- 15+ years in IAM/CIAM domain
- 8+ years working with Ping Identity products
- Strong hands-on experience with:
- PingFederate
- PingDirectory
- PingAccess
- PingOne
- Experience supporting enterprise-scale customer authentication platforms (10M+ users preferred) With Banking customer would be an added advantage.
Key Responsibilities- Lead the architecture, design, implementation, and support of enterprise CIAM solutions using Ping Identity products.
- Own end-to-end solution design for customer authentication, federation, authorization, and directory integration use cases.
- Design scalable and secure authentication platforms capable of supporting large user populations and high transaction volumes.
- Implement and optimize SSO, MFA, OAuth, OIDC, and federation flows for enterprise and customer-facing applications.
- Drive integration with downstream applications, identity providers, APIs, directories, and security infrastructure.
- Lead production issue resolution for complex authentication, federation, token, certificate, and directory-related problems.
- Collaborate with infrastructure, network, security, application, and DevOps teams to ensure resilient and secure identity services.
- Define engineering standards, deployment patterns, operational runbooks, and best practices for CIAM platform support.
- Provide technical leadership to engineering teams, review solution designs, and mentor junior team members.
- Support modernization initiatives including cloud adoption, automation, and observability for identity platforms.
Technical SkillsFederation & Authentication- SAML 2.0
- OAuth 2.0
- OpenID Connect (OIDC)
- JWT/JWS/JWE
PingFederate Expertise- End-to-end PingFederate administration
- SSO Integration
- Token exchange
- Authentication Policies
- Selectors and Adapters
- OAuth/OIDC troubleshooting
- Federation onboarding
PingDirectory ExpertiseCloud Skills- Amazon Web Services (AWS)
Infrastructure- Linux administration
- Networking fundamentals
- DNS
- Load balancers
- Reverse proxies
- Firewall concepts
Security & PKI Expertise (Very Important)Candidate must have hands-on experience with:
- SSL/TLS certificate installation
- Certificate renewal process
- Keystore management
- Truststore management
- JKS/PKCS12 handling
- CSR generation
- Root and Intermediate CA chains
- Mutual TLS (mTLS)
DevOps & Automation- CI/CD pipelines
- Git
- Jenkins
- Terraform
- Monitoring and observability
Troubleshooting CapabilityCandidate should be able to independently troubleshoot:
- Federation failures
- OAuth failures
- Token validation issues
- LDAP connectivity issues
- Replication failures
- Certificate chain issues
- Load balancer routing issues
- Authentication latency problems
- Production incidents
Required Qualifications- 15+ years of experience in Identity and Access Management (IAM) / Customer Identity and Access Management (CIAM).
- 8+ years of strong hands-on experience with Ping Identity product suite, especially PingFederate, PingDirectory, PingAccess, and PingOne.
- Proven experience designing and supporting enterprise-scale customer authentication platforms; experience with 10M+ user environments is strongly preferred.
- Strong expertise in authentication and federation standards including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and JWT technologies.
- Deep hands-on expertise in PingFederate administration, SSO integrations, token exchange, authentication policies, selectors, adapters, and OAuth/OIDC troubleshooting.
- Experience with PingDirectory administration, LDAP integrations, directory operations, replication, performance tuning, and troubleshooting.
- Good understanding of PingAccess for application access control, policy enforcement, and secure application integration.
- Strong hands-on experience with SSL/TLS certificates, certificate renewals, keystore and truststore management, JKS/PKCS12 handling, CSR generation, CA chains, and mutual TLS.
- Solid knowledge of Linux administration, networking fundamentals, DNS, load balancers, reverse proxies, and firewall concepts.
- Experience working in cloud environments, preferably AWS.
- Hands-on exposure to CI/CD pipelines, Git, Jenkins, Terraform, and monitoring or observability tooling.
- Strong troubleshooting skills across federation, OAuth, token validation, LDAP connectivity, directory replication, certificate chain issues, latency, routing, and production incidents.
Preferred Qualifications- Ping Identity certifications such as Ping Identity Certified Professional.
- AWS certifications such as AWS Solutions Architect.
- Experience in highly regulated, large-scale, or customer-facing enterprise environments.
- Exposure to architecture governance, engineering leadership, and cross-functional stakeholder management.
Key Competencies- Strong ownership and leadership in driving critical identity platform initiatives.
- Ability to translate business and security requirements into robust CIAM architecture and engineering solutions.
- Excellent analytical and problem-solving skills for high-severity production incidents.
- Strong verbal and written communication skills with the ability to work across technical and business stakeholders.
- Ability to operate effectively in fast-paced, high-availability production environments.
Preferred Certifications- Ping Identity Certified Professional
- AWS Solutions Architect
