Senior CIAM Architect

Senior CIAM Architect (15+ Years)

We are seeking a highly experienced Senior CIAM Architect with deep expertise in Ping Identity technologies to lead the design, engineering, integration, and support of enterprise-scale customer identity and access management platforms. This role requires strong hands-on experience across federation, authentication, directory services, security, PKI, infrastructure, and automation, with the ability to drive architecture decisions and resolve complex production issues in high-scale environments.

Role Summary

Mandatory Experience

• 15+ years in IAM/CIAM domain
• 8+ years working with Ping Identity products
• Strong hands-on experience with:
• PingFederate
• PingDirectory
• PingAccess
• PingOne
• Experience supporting enterprise-scale customer authentication platforms (10M+ users preferred) With Banking customer would be an added advantage.

Key Responsibilities

• ·      Lead the architecture, design, implementation, and support of enterprise CIAM solutions using Ping Identity products.
• ·      Own end-to-end solution design for customer authentication, federation, authorization, and directory integration use cases.
• ·      Design scalable and secure authentication platforms capable of supporting large user populations and high transaction volumes.
• ·      Implement and optimize SSO, MFA, OAuth, OIDC, and federation flows for enterprise and customer-facing applications.
• ·      Drive integration with downstream applications, identity providers, APIs, directories, and security infrastructure.
• ·      Lead production issue resolution for complex authentication, federation, token, certificate, and directory-related problems.
• ·      Collaborate with infrastructure, network, security, application, and DevOps teams to ensure resilient and secure identity services.
• ·      Define engineering standards, deployment patterns, operational runbooks, and best practices for CIAM platform support.
• ·      Provide technical leadership to engineering teams, review solution designs, and mentor junior team members.
• ·      Support modernization initiatives including cloud adoption, automation, and observability for identity platforms.

Technical Skills

Federation & Authentication

• SAML 2.0
• OAuth 2.0
• OpenID Connect (OIDC)
• JWT/JWS/JWE

PingFederate Expertise

• End-to-end PingFederate administration
• SSO Integration
• Token exchange
• Authentication Policies
• Selectors and Adapters
• OAuth/OIDC troubleshooting
• Federation onboarding

PingDirectory Expertise

Cloud Skills

• Amazon Web Services (AWS)

 Infrastructure

• Linux administration
• Networking fundamentals
• DNS
• Load balancers
• Reverse proxies
• Firewall concepts

Security & PKI Expertise (Very Important)

Candidate must have hands-on experience with:

• SSL/TLS certificate installation
• Certificate renewal process
• Keystore management
• Truststore management
• JKS/PKCS12 handling
• CSR generation
• Root and Intermediate CA chains
• Mutual TLS (mTLS)

DevOps & Automation

• CI/CD pipelines
• Git
• Jenkins
• Terraform
• Monitoring and observability

Troubleshooting Capability

Candidate should be able to independently troubleshoot:

• Federation failures
• OAuth failures
• Token validation issues
• LDAP connectivity issues
• Replication failures
• Certificate chain issues
• Load balancer routing issues
• Authentication latency problems
• Production incidents

Required Qualifications

• ·      15+ years of experience in Identity and Access Management (IAM) / Customer Identity and Access Management (CIAM).
• ·      8+ years of strong hands-on experience with Ping Identity product suite, especially PingFederate, PingDirectory, PingAccess, and PingOne.
• ·      Proven experience designing and supporting enterprise-scale customer authentication platforms; experience with 10M+ user environments is strongly preferred.
• ·      Strong expertise in authentication and federation standards including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and JWT technologies.
• ·      Deep hands-on expertise in PingFederate administration, SSO integrations, token exchange, authentication policies, selectors, adapters, and OAuth/OIDC troubleshooting.
• ·      Experience with PingDirectory administration, LDAP integrations, directory operations, replication, performance tuning, and troubleshooting.
• ·      Good understanding of PingAccess for application access control, policy enforcement, and secure application integration.
• ·      Strong hands-on experience with SSL/TLS certificates, certificate renewals, keystore and truststore management, JKS/PKCS12 handling, CSR generation, CA chains, and mutual TLS.
• ·      Solid knowledge of Linux administration, networking fundamentals, DNS, load balancers, reverse proxies, and firewall concepts.
• ·      Experience working in cloud environments, preferably AWS.
• ·      Hands-on exposure to CI/CD pipelines, Git, Jenkins, Terraform, and monitoring or observability tooling.
• ·      Strong troubleshooting skills across federation, OAuth, token validation, LDAP connectivity, directory replication, certificate chain issues, latency, routing, and production incidents.

Preferred Qualifications

• ·      Ping Identity certifications such as Ping Identity Certified Professional.
• ·      AWS certifications such as AWS Solutions Architect.
• ·      Experience in highly regulated, large-scale, or customer-facing enterprise environments.
• ·      Exposure to architecture governance, engineering leadership, and cross-functional stakeholder management.

Key Competencies

• ·      Strong ownership and leadership in driving critical identity platform initiatives.
• ·      Ability to translate business and security requirements into robust CIAM architecture and engineering solutions.
• ·      Excellent analytical and problem-solving skills for high-severity production incidents.
• ·      Strong verbal and written communication skills with the ability to work across technical and business stakeholders.
• ·      Ability to operate effectively in fast-paced, high-availability production environments.

Preferred Certifications

• Ping Identity Certified Professional
• AWS Solutions Architect