Lead IAM Engineer

Description and Requirements
Description and Requirements
Role Value Proposition:
MetLife is a leader in providing insurance and protection products to customers around the globe. MetLife has undertaken a digital transformation journey to deliver innovative and industry-leading digital solutions, employing innovative cloud and engineering technologies, and agile development practices.
We are looking for an exceptional lead engineer with specialized focus on implementation and management of modern authentication access management tools.
You will be a SME & critical member of the Authentication Services engineering team that owns and manages Customer IAM (CIAM) services across on-prem and in cloud. Presenting an opportunity to implement innovative identity solutions using modern authentication, cloud based IDP and directory technologies.
As a global company, you will collaborate with cross-functional teams including security, IT and business units across US, LATAM, EMEA and APAC regions to lead, drive and deliver global CIAM solutions. Working hours for this role are aligned to US EST time zone.
We prefer the location of this position to be hybrid in Cary, NC, but this is open to the consideration of virtual candidates located in the U.S.
How You'll Help Us Build a Confident Future
Key Responsibilities:

• Design and Implement scalable IAM solutions that follow a global, hybrid cloud architecture.
• Lead and implement seamless application migration efforts from legacy to modern IDP solutions.
• Work closely with enterprise, IAM architects to solution design and publish new CIAM Patterns.
• Conducts proof of concepts for new requirements and feature enhancements.
• Administration and management of authentication services within CIAM portfolio. Implement proper security controls and policies (Roles, Groups, Permissions, Certificates, Encryption, TLS).
• Provide domain expertise in authentication & access management services and consultancy to global IT teams and business units on new integrations and best practice.
• Implement modern authentication using tools like Ping Federate, Ping Access and Ping One (SAML, OIDC, OAUTH, MFA and Access Gateway).
• Partner with app teams to understand their requirements and onboard apps within timelines.
• Provide leadership in level 3 support, troubleshooting, perform RCA and implement mitigation plan.
• Showcase operational excellence and planning in implementing large scale projects.
• Educate and mentor junior team members by conducting demo/training sessions.
• Develop and publish runbooks, architecture documentation and diagrams for CIAM solution.
• Conduct regular security audits, identity lifecycle management, and compliance assessments to ensure adherence to global standards such as GDPR, PCI, etc.
• Collaborate with security and compliance teams to maintain and improve the security posture and of our CIAM systems.
• Proactively identify gaps in technical and admin process and propose pragmatic solutions.
• Move projects towards architecture North Star and Security Standards.

Essential Business Experience and Technical Skills:
Required Skills:

• 6 - 8+ years of strong experience in designing and implementing authentication access management solution using tools like Ping Federate, Ping Access, Ping One with proficiency and hands-on knowledge of SAML 2.0, OAuth, OpenID Connect, SSO, Web Access Management, Cloud Security, or API Security.
• Strong knowledge in Ping Federate, Ping Access, Ping One MFA, or PingOne Advanced Services (P1AS).
• 5+ years of strong experience in designing and implementing MFA using factors like Email, SMS, Voice OTP, Mobile App or FIDO2 Biometrics/Security Keys.
• Led large scale IAM migration projects and experience with CIAM use cases including user self-service registration and password reset flows.
• Experience with Log analytics and SIEM tools such as Splunk, Elastic or QRadar.

Preferred Skills:

• Bachelor's degree in an engineering discipline (Computer Science, Information Technology, Math or other engineering equivalent).
• Strategic thinking with the ability to lead large-scale IAM initiatives.
• 5+ years of good experience with LDAP directory services (like Ping Directory, AD, ADLDS, CA Directory).
• Solid understanding of cloud security frameworks and zero-trust architecture.
• Ping Identity Certification is a plus.
• Ability to code and write custom scripts is a plus.
• Agile and DevSecOps experience.

The salary range for applicants for this position is $101,300 - $155,300.
Benefits We Offer
Our U.S. benefits address holistic well-being with programs for physical and mental health, financial wellness, and support for families. We offer a comprehensive health plan that includes medical/prescription drug and vision, dental insurance, and no-cost short- and long-term disability. We also provide company-paid life insurance and legal services, a retirement pension funded entirely by MetLife and 401(k) with employer matching, group discounts on voluntary insurance products including auto and home, pet, critical illness, hospital indemnity, and accident insurance, as well as Employee Assistance Program (EAP) and digital mental health programs, parental leave, volunteer time off, tuition assistance and much more!
About MetLife
Recognized on Fortune magazine's list of the 2024 "World's Most Admired Companies" as well as the 2024 Fortune 100 Best Companies to Work For ®, MetLife , through its subsidiaries and affiliates, is one of the world's leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East.
Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by empathy, we're inspired to transform the next century in financial services. At MetLife, it's #AllTogetherPossible . Join us!
Equal Employment Opportunity/Disability/Veterans
If you need an accommodation due to a disability, please email us at [email protected]. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.
MetLife maintains a drug-free workplace.
$101,300 - $155,300
#BI-Hybrid