Senior IAM Architect

As a Senior IAM Architect on Ping’s Corporate IT Systems Administration team, you will lead the company’s internal IAM practice across both workforce and customer identity environments. This is a senior, hands-on role for someone who can design, implement, operate, troubleshoot, and continuously improve identity capabilities for Ping as the customer.

This person will serve as the internal owner of Ping’s IAM architecture, role model, and operational direction, helping ensure the environment is secure, functional, scalable, and maintainable while partnering closely with internal product teams and business stakeholders to evaluate and adopt new Ping capabilities over time.

• Lead the architecture, roadmap, and day-to-day maturity of Ping’s internal IAM practice across WIAM, CIAM, authentication, authorization, federation, lifecycle management, and governance.
• Own the design, implementation, operation, and continuous improvement of Ping’s internal identity platforms and supporting processes, with responsibility for keeping the environment secure, functional, and maintainable.
• Act as the internal owner of Ping’s role model, access model, and identity architecture, ensuring business requirements are translated into scalable technical controls and usable identity services.
• Partner with internal product teams to evaluate, pilot, and adopt new Ping products and acquired capabilities in Ping’s corporate and CIAM environments.
• Work closely with IT, Security, HR, Engineering, Product, and other business stakeholders to define identity requirements, improve processes, and align IAM capabilities to real business needs.
• Lead role engineering efforts by analyzing business requirements, defining roles and permissions in functional business terms, and ensuring system privileges map correctly to approved access models.
• Drive strong operational execution for SSO, MFA, federation, provisioning, deprovisioning, role assignment, access reviews, and exception handling across internal and customer-facing systems.
• Troubleshoot complex authentication, authorization, provisioning, and access issues across applications, directories, workflows, and connected systems.
• Maintain and improve standards, procedures, controls, reporting, and documentation for IAM operations, including actual-state versus desired-state validation, access reviews, and change governance.
• Maintain a lab and test environment to validate new integrations, prototype new capabilities, and safely trial new Ping products and patterns before production rollout.
• Serve as Ping’s internal IAM thought leader and provide practical product feedback based on real enterprise use cases from Ping’s WIAM and CIAM environments.

• 8+ years of experience in Identity and Access Management, including significant experience designing, implementing, and operating both WIAM and CIAM environments.
• Proven experience owning complex IAM platforms from architecture through operations in enterprise environments.
• Experience building and maintaining DaVinci flows for WIAM and CIAM use cases.
• Strong hands-on experience with Ping Identity products in production environments; including PingOne SSO, PingID, PingOne MFA, PingOne Protect, PingFederate.
• Strong expertise with modern identity standards and protocols such as SAML, OAuth, OpenID Connect, SCIM, LDAP, and REST-based integrations.
• Strong hands-on troubleshooting skills across authentication, federation, access, and provisioning flows, including the ability to diagnose issues across browsers, applications, logs, and connected systems.
• Experience defining and maintaining roles, permissions, and access models in business terms while ensuring accurate implementation in technical systems and application authorization structures.
• Strong understanding of identity lifecycle processes, including joiner/mover/leaver workflows, access requests, approvals, exception handling, access removal, and periodic review.
• Experience implementing IAM controls, reporting, and governance processes that improve auditability, risk management, and operational integrity.
• Working knowledge of identity-related infrastructure and supporting technologies such as directory services, PKI/certificates, networking, system administration, and application integrations.
• Strong written and verbal communication skills with the ability to partner effectively across technical teams, business stakeholders, and leadership.
• Demonstrated ability to operate independently, drive change, and bring structure to a fast-moving and evolving environment.
• Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related field, or equivalent practical experience.

• Strong hands-on experience with Ping Identity products in production environments.
• Expertise designing, implementing, and maintaining DaVinci Product flows.
• Familiarity with PingOne Architecture and the broader Ping platform ecosystem.
• Experience with PingOne SSO, PingID, PingOne MFA, PingOne Protect, PingOne Authorize, PingFederate, PingAccess, PingDirectory, and related Ping technologies.
• Experience serving as an internal platform owner who can evaluate new capabilities, form a point of view on the right architecture for the business, and drive adoption of new identity capabilities over time.
• Experience maintaining lab environments, testing new integrations, and validating new identity patterns before production deployment.
• Strong understanding of access controls, segregation of duties, least privilege, and policy-driven authorization models.
• Experience with change management, release management, and integrating IAM work into broader IT and security operating processes.
• Experience with DevOps and platform engineering practices such as Terraform, CI/CD, API integration, and cloud-native deployment models.
• Ability to represent Ping internally as the enterprise customer and translate that experience into better architecture, better operational outcomes, and stronger adoption of Ping technology.

Salary Range: $137,000 - $180,000