Senior CIAM Architect

Senior CIAM Architect (15+ Years)

We are seeking a highly experienced Senior CIAM Architect with deep expertise in Ping Identity technologies to lead the design, engineering, integration, and support of enterprise-scale customer identity and access management platforms. This role requires strong hands-on experience across federation, authentication, directory services, security, PKI, infrastructure, and automation, with the ability to drive architecture decisions and resolve complex production issues in high-scale environments.

Role Summary

Mandatory Experience

• 15+ years in IAM/CIAM domain
• 8+ years working with Ping Identity products
• Strong hands-on experience with:
• PingFederate
• PingDirectory
• PingAccess
• PingOne
• Experience supporting enterprise-scale customer authentication platforms (10M+ users preferred) With Banking customer would be an added advantage.

Key Responsibilities

• · Lead the architecture, design, implementation, and support of enterprise CIAM solutions using Ping Identity products.
• · Own end-to-end solution design for customer authentication, federation, authorization, and directory integration use cases.
• · Design scalable and secure authentication platforms capable of supporting large user populations and high transaction volumes.
• · Implement and optimize SSO, MFA, OAuth, OIDC, and federation flows for enterprise and customer-facing applications.
• · Drive integration with downstream applications, identity providers, APIs, directories, and security infrastructure.
• · Lead production issue resolution for complex authentication, federation, token, certificate, and directory-related problems.
• · Collaborate with infrastructure, network, security, application, and DevOps teams to ensure resilient and secure identity services.
• · Define engineering standards, deployment patterns, operational runbooks, and best practices for CIAM platform support.
• · Provide technical leadership to engineering teams, review solution designs, and mentor junior team members.
• · Support modernization initiatives including cloud adoption, automation, and observability for identity platforms.

Technical Skills

Federation & Authentication

• SAML 2.0
• OAuth 2.0
• OpenID Connect (OIDC)
• JWT/JWS/JWE

PingFederate Expertise

• End-to-end PingFederate administration
• SSO Integration
• Token exchange
• Authentication Policies
• Selectors and Adapters
• OAuth/OIDC troubleshooting
• Federation onboarding

PingDirectory Expertise

Cloud Skills

• Amazon Web Services (AWS)

  Infrastructure

• Linux administration
• Networking fundamentals
• DNS
• Load balancers
• Reverse proxies
• Firewall concepts

Security & PKI Expertise (Very Important)

Candidate must have hands-on experience with:

• SSL/TLS certificate installation
• Certificate renewal process
• Keystore management
• Truststore management
• JKS/PKCS12 handling
• CSR generation
• Root and Intermediate CA chains
• Mutual TLS (mTLS)

DevOps & Automation

• CI/CD pipelines
• Git
• Jenkins
• Terraform
• Monitoring and observability

Troubleshooting Capability

Candidate should be able to independently troubleshoot:

• Federation failures
• OAuth failures
• Token validation issues
• LDAP connectivity issues
• Replication failures
• Certificate chain issues
• Load balancer routing issues
• Authentication latency problems
• Production incidents

Required Qualifications

• · 15+ years of experience in Identity and Access Management (IAM) / Customer Identity and Access Management (CIAM).
• · 8+ years of strong hands-on experience with Ping Identity product suite, especially PingFederate, PingDirectory, PingAccess, and PingOne.
• · Proven experience designing and supporting enterprise-scale customer authentication platforms; experience with 10M+ user environments is strongly preferred.
• · Strong expertise in authentication and federation standards including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and JWT technologies.
• · Deep hands-on expertise in PingFederate administration, SSO integrations, token exchange, authentication policies, selectors, adapters, and OAuth/OIDC troubleshooting.
• · Experience with PingDirectory administration, LDAP integrations, directory operations, replication, performance tuning, and troubleshooting.
• · Good understanding of PingAccess for application access control, policy enforcement, and secure application integration.
• · Strong hands-on experience with SSL/TLS certificates, certificate renewals, keystore and truststore management, JKS/PKCS12 handling, CSR generation, CA chains, and mutual TLS.
• · Solid knowledge of Linux administration, networking fundamentals, DNS, load balancers, reverse proxies, and firewall concepts.
• · Experience working in cloud environments, preferably AWS.
• · Hands-on exposure to CI/CD pipelines, Git, Jenkins, Terraform, and monitoring or observability tooling.
• · Strong troubleshooting skills across federation, OAuth, token validation, LDAP connectivity, directory replication, certificate chain issues, latency, routing, and production incidents.

Preferred Qualifications

• · Ping Identity certifications such as Ping Identity Certified Professional.
• · AWS certifications such as AWS Solutions Architect.
• · Experience in highly regulated, large-scale, or customer-facing enterprise environments.
• · Exposure to architecture governance, engineering leadership, and cross-functional stakeholder management.

Key Competencies

• · Strong ownership and leadership in driving critical identity platform initiatives.
• · Ability to translate business and security requirements into robust CIAM architecture and engineering solutions.
• · Excellent analytical and problem-solving skills for high-severity production incidents.
• · Strong verbal and written communication skills with the ability to work across technical and business stakeholders.
• · Ability to operate effectively in fast-paced, high-availability production environments.

Preferred Certifications

• Ping Identity Certified Professional
• AWS Solutions Architect