Ping IAM Architect

Atlanta | Chicago | Detroit | Kansas City | Philadelphia | Seattle
Valorem Reply, US - IT Modernization
Permanent (Full Time)

Valorem Reply is seeking a Ping IAM Architect who is experienced in assessing, designing, and operating on-prem environments and who also knows how to operate similar features once they are moved into the cloud. Ideally, the candidate has experience documenting the environment architecturally "as-is" compared to the "to-be" state within the cloud once implemented. Must be able to do discovery in customized Ping solutions. Ideally has a deep understanding of Azure AD. DEEP experience in Okta, Azure AD, AND Authentication might substitute if candidates lack Ping experience.

Evaluate, design and architect access management solutions related to Ping Identity / Ping One as the primary focus, or secondarily one of the following Identity Platforms (IdP): Active Directory (AD) / Azure AD, or Okta. Experience is required in architecting and rolling out MFA, Conditional Access, and Identity Governance and Protection to manage the identity solution.

Experience should include the following:
·       Working knowledge of Ping Access, Ping Federate, and Ping One as the IdP hub; of mTLS with JWT; and of Attribute-Based Access Control (ABAC) systems (e.g., role, location, device health, citizenship).
·       Discover and define a clear problem statement beyond just replacing current or outdated technologies.
·       Specify use cases that, once delivered, help to solve the problem through envisioning workshops and assessment of the As-Is environment. These use cases could include:
o   Migrating from a heavily customized on-premises network-based Identity and Access Management platform to a Cloud-based IAM service.
o   Migrating from a heavily customized IaaS-based Identity and Access Management platform to a Cloud-based IAM service.
·       Create and document a solution bill of material that defines all the elements needed to deliver a solution including technologies, policies, processes, and skilling. This can include:
o   Providing a list of adapters that need to be migrated.
o   Providing a list of applications that need to be migrated with an indication of the pattern used.
o   Documenting the impact of using OAuth/OIDC as the new default pattern for any application.
o   Documenting the impact of no longer having access to the virtual machines running the Ping on-premises services.
o   Documenting the impact of no longer having direct access to the Ping logs for ingestion into a SIEM solution.
o   Providing a list of required changes to IAM services to integrate with the ABAC system.
o   Providing a roadmap for changes to IAM services to support ABAC.
o   Documenting integration as well as recommendations for where to implement ABAC capabilities.
o   Documenting the impact of capturing identity attributes like citizenship and geographic location at AuthN.
·       Design a solution architecture using current and new technologies as well as utilities and APIs required to integrate.
·       Define the set of activities (e.g., technical implementation, policy and process development, and training) and lay out the roadmap and plan.
·       Understand and convey the customer’s change readiness to assimilate all the elements in the solution so that delivery happens as envisioned on time and in budget.
Experience should include providing direction and guidance to customer personnel in the areas below:
·       Implement Identity Management solutions
·       Implement an Authentication and Access Management solution
·       Implement Access Management for Apps
·       Plan and implement an identity governance strategy. 

Basic Requirements:

·       7+ years of specific experience in Identity and Access Management (IAM) Projects
·       Knowledge of Ping concepts and features
·       Experience building authentication modules within applications and web applications.
·       Extensive knowledge of the Identity and Access Management Domain
·       Extensive knowledge of Authentication and Authorization concepts
·       Extensive knowledge of Single sign-on Concepts
·       Well versed in Identity Federation Concepts

Certifications:

Certifications that suggest proficiency in these tasks include:
·       Ping Identity Certified Professional
·       Microsoft Certified: Identity and Access Administrator Associate (SC-300)
·       Okta Certified Professional / Okta Certified Administrator