Responsibilities
We are seeking a skilled ForgeRock Federation Engineer to support the design, implementation, and maintenance of secure identity federation solutions within a large federal IAM environment. This role focuses on enabling secure authentication and authorization data exchange across enterprise, cloud, and partner systems using the ForgeRock (PingOne Advanced Identity Cloud) platform, while ensuring compliance with federal security standards.
Key Responsibilities:
- Configure and manage identity federation and SSO using SAML 2.0, OAuth 2.0, and OIDC
- Establish and maintain IdP/SP trust relationships across enterprise and cloud systems
- Design and implement ForgeRock components (AM, IDM, DS, IG) for scalable IAM solutions
- Develop authentication journeys supporting MFA, adaptive access, and Zero Trust policies
- Integrate with directory services (LDAP, Active Directory, Azure AD / Entra ID)
- Enable application and API integrations using REST, SCIM, and federation protocols
- Develop custom authentication nodes and scripts (Java, Groovy, JavaScript)
- Support platform upgrades, patching, and DevOps automation (Docker, Kubernetes, CI/CD)
- Ensure compliance with federal standards (NIST, FISMA, FedRAMP)
- Troubleshoot complex federation and integration issues (L3 support)
- Collaborate within agile teams for delivery and continuous improvement
Qualifications
Required Qualifications:
- Bachelor’s degree and 5 years of experience or 9 years with a HS diploma/equivalent
- 5 years of IAM engineering experience
- Experience with ForgeRock or PingOne platform
- Experience implementing federation and SSO solutions
- Experience working in agile environments
- Federation Protocols: SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), JWT, PKCE, mTLS experience
- ForgeRock/Ping: AM, IDM, DS, IG configuration and administration experience
- Directory Services: LDAP, Active Directory, Azure AD (Entra ID) experience
- Experience in Java, Groovy, JavaScript; REST API integration
- DevOps: Docker, Kubernetes, CI/CD tools (Jenkins, GitLab CI), Git experience
- Familiarity with AWS, Azure, or GCP
- Security: MFA, RBAC/ABAC, Zero Trust principles
- U.S. Citizenship required
- Ability to obtain and maintain the required agency clearance
Preferred Qualifications:
- Experience with Okta, SailPoint, CyberArk, or IBM Security Verify
- Familiarity with PingFederate, PingAccess, or PingDirectory
- Experience with CIAM (Customer Identity and Access Management)
- Knowledge of identity analytics or AI-driven IAM tools
- Prior federal IAM program experience (DoD, DHS, FSA, etc.)
- Familiarity with NIST, FISMA, and FedRAMP compliance
Certifications (Preferred):
- ForgeRock or Ping Identity certifications
- CISSP or Certified Identity and Access Manager (CIAM)
- CompTIA Security+
Target Salary Range$80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.
