Position Summary:
The Single Sign-On (SSO) / Ping / Directory Services Architect is responsible for defining and driving enterprise-wide Identity and Access Management (IAM) strategy and architecture, leveraging platforms such as Ping Identity (PingFederate, PingAccess, Ping Directory) and Microsoft Entra ID. This role leads the design and standardization of secure, scalable, and resilient SSO solutions across the organization.
This Senior role/Architect serves as a subject matter expert (SME), providing deep technical leadership across solution design, architecture governance, and technology roadmap planning. They are accountable for evaluating emerging technologies, establishing integration patterns, and ensuring alignment with enterprise security, compliance, and regulatory requirements.
This role requires strong collaboration with business stakeholders, application teams, infrastructure engineering, and security organizations to enable standardized customer identity models and seamless authentication experiences.
Now is an exciting time to be a part of MetLife - start your next career journey with us. In this role you will make an impact by standardizing customer directories and SSO infrastructure, collaborating with business partners on common identities, and exploring new technologies for Single Sign-On (SSO).
- Define and govern enterprise SSO & IAM architecture across Ping (Federate/Access/Directory), Entra ID, SiteMinder, and OUD.
- Lead design for complex integrations across Ping and Entra ecosystems.
- Establish reference architectures, reusable patterns, and best practices.
- Drive modernization (SiteMinder → Ping/Entra and OUD → Ping Directory migration strategies)
- Ensure compliance with security policies, audit requirements, and regulatory obligations
- Evaluate and onboard emerging IAM technologies and capabilities (Zero Trust, passwordless, adaptive auth).
- Act as escalation point for critical design and platform challenges.
- Oversee incident management, change execution, and platform stability.
- Ensure operational governance, SLA adherence, and audit compliance
- Collaborate with architecture, security, infrastructure, and application teams.
- Drive automation, monitoring, and continuous improvement across IAM operations.
- Provide leadership visibility through executive reporting and stakeholder communication
- Establish standard design patterns for SAML, OAuth2, and OIDC integrations.
- Lead hybrid (on-prem + cloud) IAM solution design and modernization initiatives.
- Architect solutions across Ping Identity stack & Entra ID (App registrations, Conditional Access, MFA), Directory services (LDAP, AD, Ping Directory, OUD).
- Drive certificate lifecycle strategy (SSL, federation trust, encryption/signing of assertions/LDAP).
- Define and configure password policies.
- Create custom LDIFs and ACLs for directory configurations.
- Define vulnerability management and remediation strategies.
- Define user directory mapping and identity flows for authentication & authorization.
- Define monitoring strategy using Splunk / Elastic / OpenSearch.
- Establish proactive alerting, dashboards, and health monitoring frameworks.
- Apply AI-based automation to recurring and manual tasks.
- Tune capacity and design infrastructure for high availability, DR, and performance optimization.
Job Responsibilities:
- Define frameworks for Incident, Problem, and Change Management.
- Provide architectural guidance during Critical incidents and platform escalations.
- Strong understanding of Linux systems and infrastructure components.
- Partner with security, infra, and application teams to standardize identity patterns.
- Act as SME for complex IAM design decisions and escalations.
- Contribute to strategic discussions and technical solutioning and blueprint preparations.
- Drive IAM roadmap, innovation, and adoption of new technologies.
- Own end-to-end IAM architecture, strategy, and governance, ensuring scalable, secure, and future-ready SSO solutions across the enterprise.
- Establish collaborative work environment.
- Provide ongoing Level 2 and Level 3 support for MetLife's directory services, which includes: upgrades, tuning, monitoring, problem resolution and identification of root cause.
- Support APAC / EMEA / US regions in a 24x7 operating model.
Education:
Bachelor's degree in computer science, Information Systems, or related field.
Experience:
- At least 14 years of overall experience in Cyber, SSO and IAM Domain.
- At least 7+ years of experience and hands-on acumen in managing Directory services or architecting/solutioning Directory services (Ping Directory / LDAP).
- At least 7+ years of experience with setup and troubleshooting of inbound and outbound federations using SAML, OAuth and OIDC protocols, including login and logout flows. Experience in configuring Azure SSO, OIDC protocols, PingFederate and Ping access management. Deep understanding of Active Directory Federation Services. Experience with installing, configuring, onboarding and architecting SSO solutions like Ping Directory, PingFederate, PingAccess, SiteMinder, Entra ID.
- Extensive experience in People and Stakeholder management.
- Experience in end to end infrastructure setup for Directory solutions.
Knowledge & Skills:
- Prior experience with Identity and Access Management (IAM) / SSO / Directory services tools like Ping Directory, SiteMinder, Ping (Federate/Access), Okta, Entra ID and ForgeRock.
- Excellent communication and collaboration skills to partner with business and the users.
- Expert in SSO and Directory services, not only administration, but in-depth understanding of concepts and processing.
- Architectural understanding of infra and capacity planning.
- Ability to troubleshoot complex SSO / Directory issues and in-depth understanding of tuning and available configuration settings
- Working knowledge of HTTP protocol, cookies, headers, response codes, and how to troubleshoot.
- Working knowledge of LDAP protocol; searches, responses, and how to troubleshoot
- Excellent Linux and Windows system knowledge
- Expert in application of authentication and authorization solutions to address business and security problems
- Experience with enterprise-level support of business-critical services
- Experience with technical documentation writing / knowledgebase article creation
- Strong motivation to analyze and improve systems and infrastructure
Other Skills:
- Linux scripting, PowerShell, and VBScript are a plus.
- ITIL, Ping Expert, Directory Services/LDAP, or SSO (SiteMinder/Ping/Entra ID/Okta) certification is preferred.
- CISSP, CISM certification is a plus.
About MetLife
Recognized on Fortune magazine's list of the "World's Most Admired Companies" and Fortune World's 25 Best Workplaces™, MetLife, through its subsidiaries and affiliates, is one of the world's leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East.
Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by our core values - Win Together, Do the Right Thing, Deliver Impact Over Activity, and Think Ahead - we're inspired to transform the next century in financial services. At MetLife, it's #AllTogetherPossible . Join us!
Skills Required
- Bachelor's degree in computer science, Information Systems, or related field
- At least 14 years of overall experience in Cyber, SSO and IAM domain
- 7+ years managing or architecting Directory services (Ping Directory / LDAP)
- 7+ years configuring and troubleshooting federations using SAML, OAuth2, OIDC; experience with Azure SSO, PingFederate, PingAccess and ADFS
- Hands-on experience installing, configuring, onboarding and architecting SSO solutions: Ping Directory, PingFederate, PingAccess, SiteMinder, Entra ID
- Experience in end-to-end infrastructure setup for Directory solutions, capacity planning, HA/DR and performance tuning
- Prior experience with IAM/SSO/Directory tools (Ping products, SiteMinder, Okta, Entra ID, ForgeRock)
- Expert-level understanding of SSO and Directory services (architecture, processing, not just administration)
- Working knowledge of LDAP protocol (searches, responses, troubleshooting) and ability to create custom LDIFs and ACLs
- Working knowledge of HTTP (cookies, headers, response codes) and ability to troubleshoot web auth flows
- Excellent Linux and Windows system knowledge and Linux scripting experience
- Experience providing enterprise-level L2/L3 support for business-critical directory/SSO services and 24x7 regional support
- Experience in people and stakeholder management and executive-level reporting
- Experience defining monitoring strategies and using Splunk, Elastic or OpenSearch for alerting and dashboards
- Experience evaluating and onboarding IAM technologies (Zero Trust, passwordless, adaptive authentication) and driving IAM roadmap
- Experience with certificate lifecycle management (SSL, federation trust, signing/encryption of assertions)
- Experience writing technical documentation and knowledgebase articles
- Linux scripting, PowerShell, VBScript
- ITIL, Ping Expert, Directory Services/LDAP, SSO certifications
- CISSP or CISM certification
What We Do
We're honored to be No. 10 on Great Place to Work's World's Best Workplaces and recognized in the Fortune 100 Best Companies to Work For® list in 2025. At MetLife, we're leading the global transformation of an industry we’ve defined for over 157 years. At MetLife, every innovation and line of code is a lifeline for our customers and their families—from victims of natural disasters to people living with disabilities and beyond. With operations in more than 40 markets and leading positions across the globe, MetLife fosters an inclusive culture where our people are energized and inspired to deliver for our customers and communities. Join our remarkable journey—one in which you help write the next century of innovation in financial services—because with MetLife, making the world a better place is All Together Possible.
Why Work With Us
At MetLife, you’ll be working for a company whose purpose is to help customers throughout their life’s journey, and often in their most critical time of need. You’ll be a part of developing leading-edge platforms that will have a lasting impact on the lives and well-being of tens of millions of customers.
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
MetLife's current workplace policies classify roles as Office, Hybrid or Virtual based on the nature of work, encouraging new ways of working together


