Senior IAM Engineer - ForgeRock

At Ensono, our Purpose is to be a relentless ally, disrupting the status quo and unleashing our clients to Do Great Things!  We enable our clients to achieve key business outcomes that reshape how our world runs. As an expert technology adviser and managed service provider with cross-platform certifications, Ensono empowers our clients to keep up with continuous change and embrace innovation.

We can Do Great Things because we have great Associates. The Ensono Core Values unify our diverse talents and are woven into how we do business. These five traits are the key to achieving our purpose:

Honesty, Reliability, Curiosity, Collaboration, and Passion.

About the role and what you'll be doing: 

We are seeking a skilled ForgeRock Senior IAM Engineer to oversee the day-to-day administration, operational maintenance, and custom expansion of our Identity and Access Management platform. In this role, you will ensure high availability and optimal performance of the ForgeRock environment while actively developing custom scripts, authentication journeys, and plugins to meet evolving business needs. You will act as the bridge between core system engineering and day-to-day identity operations, maintaining platform stability and implementing custom configurations.

We want all new Associates to succeed in their roles at Ensono. That's why we've outlined the job requirements below. To be considered for this role, it's important that you meet all Required Qualifications. If you do not meet all of the Preferred Qualifications, we still encourage you to apply. 

Key Responsibilities

Application Maintenance & Performance

• Monitor platform health across the ForgeRock software suite including Access Management (AM), Identity Management (IDM), Directory Services (DS), and Identity Gateway (IG).
• Manage system upgrades, critical security patches, and hotfix deployments with minimal disruption to business operations.
• Maintain directory integrations ensuring steady synchronization between ForgeRock components and connected enterprise systems like Active Directory, Azure AD/Entra ID, and HR systems.
• Optimize system capacity by tuning JVM, database connectors, and LDAP server performances to meet service level agreements (SLAs).

Operational Support & Triage

• Provide L3 technical support to resolve complex identity federation, single sign-on (SSO), and authentication routing incidents.
• Conduct root cause analysis on system failures, application performance drops, or certificate expirations, implementing permanent remediation steps.
• Oversee backup and disaster recovery protocols, verifying snapshot integrity for all identity data and configurations.
• Maintain technical documentation including operational standard operating procedures (SOPs), runbooks, and environment architecture diagrams.

Custom Configuration & Engineering

• Build custom authentication scripts and logic plugins utilizing Java, JavaScript, or Groovy to address advanced access use cases.
• Configure authentication journeys incorporating multi-factor authentication (MFA), risk-based conditional access, and Zero Trust validation policies.
• Develop JSON-based route profiles within ForgeRock Identity Gateway to enforce policy controls for legacy applications and microservice APIs.
• Automate deployment workflows using CI/CD pipelines and infrastructure-as-code blueprints within Docker or Kubernetes container environments.

Required Technical Qualifications

• Experience: 6+ years of dedicated professional experience in Identity & Access Management (IAM), with at least 2+ years specialized in the ForgeRock ecosystem.
• ForgeRock Core: Proven mastery of ForgeRock AM, IDM, DS, and IG components, configuration files, and properties.
• Protocols: Deep understanding of core identity security standards including OAuth 2.0, OpenID Connect (OIDC), SAML 2.0, and LDAP.
• Languages: Proficiency writing production-grade scripts in Groovy, JavaScript, or Java.
• Environments: Comfortable operating within Linux Server ecosystems, command-line interfaces, and shell scripting.

Preferred Qualifications

• Certifications: ForgeRock Certified Access Management Specialist, Identity Management Specialist, or Ping Identity equivalent certifications.
• DevOps Skills: Hands-on familiarity using Git version control, Jenkins, Docker, or Kubernetes clusters.

Ensono is a place to make better happen – for our clients and for your career. You can do great things through innovation or collaboration, by learning or volunteering, or to promote diversity and inclusion. You can do great things for your own health or for a healthier planet. Whatever it means to you to do great things we want Ensono to be the place you can do it. 

We are a client-facing business, but we do encourage clients to allow us to work remotely most of the time so if you are not required to be on a client site, you can choose to work from home or in our Ensono offices.

Some of our benefits include:

• Unlimited Paid Days Off

• Three health plan options

• 401k with company match

• Eligibility for dental, vision, short and long-term disability, life and AD&D coverage, and flexible spending accounts

• Family Forming Benefit including fertility coverage and adoption/surrogacy reimbursement

• Paid childbearing and paternal leave

• Education Reimbursement, Student Loan Assistance or 529 College Funding

• Sabbatical leave

• Wellness program

• Flexible work schedule

As of the date of this posting, a good faith estimate of the current pay scale for this role is $125,000 to $162,000 annually based on a full-time schedule. Please note that placement in the range may vary based on numerous factors including but not limited to skills, experience, internal equity, and business needs. In addition to base salary, other compensation programs, depending on eligibility, include an annual bonus plan based on company and individual performance and an equity grant under our Associate Equity Appreciation Program.

Ensono is an Equal Opportunity/Affirmative Action employer. We are committed to providing equal employment to our Associates and building a diverse and inclusive workforce. All qualified applicants will be considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or other legally protected basis, in accordance with applicable law.

Pay transparency nondiscrimination statement/posting OFCCP’s pay transparency policy can be found on OFCCP’s website.

If you need accommodation at any point during the application or interview process, please let your recruiter know or email [email protected].