Datamatics is seeking a Senior Identity DevOps Engineer / IAM Architect to enhance the engineering and operational stability of its enterprise Single Sign-On (SSO) and Identity & Access Management (IAM) platforms. The role involves bridging high-level IAM architecture with hands-on DevOps execution, focusing on platform modernization, complex integrations, and operational support.
Responsibilities:
- Lead the architectural migration from on-premise PingFederate instances to cloud-native PingOne environments
- Leverage Ping DaVinci to design and enhance customized user journeys for self-service MFA, password resets, and international application onboarding
- Maintain, troubleshoot, and understand legacy Java-based custom adapters using Java/J2EE PingFederate components, custom Password Credential Validators (PCVs), and complex data store integrations
- Design, build, and maintain hybrid identity infrastructure utilizing Terraform, Helm charts, Google Kubernetes Engine (GKE), and containerization to strengthen platform resiliency
- Partner with international business units to enable SSO across global application portfolios
- Expand MFA footprint across legacy and cloud-native applications, executing targeted user MFA campaigns
- Own the end-to-end lifecycle of new identity intake requests, certificate management improvements, and production incidents
- Improve platform visibility by building advanced logging, monitoring architectures, and dashboards to proactively catch 'phantom/rogue' login errors
- Expand the PingOne Protect application footprint
- Partner closely with the Security team to tune risk triggers, evaluate threats, and mitigate malicious authentication attempts
- Initiate the deployment of PingCentral to automate environment promotions and provide application owners with customer self-service capabilities
- Partner with QA teams to develop automated test scripts for authentication paths
- Serve as an escalation point for complex user issues involving Active Directory (AD), networking, lockouts, and authentication consistency
- Partner closely with the Service Desk to optimize MFA setups and reset procedures
Requirements:
- Expert Proficiency: PingFederate (including custom Java/J2EE adapters, custom PCVs, and complex data store integrations)
- Strong Proficiency: PingOne Suite (PingOne SSO, PingOne MFA, DaVinci, and PingOne Protect)
- Deep understanding of Microsoft 365 SSO integrations and Microsoft Entra ID configuration
- Familiarity with legacy Oracle Authorization suites (OIM, OAG) is considered a strong plus
- Proven experience managing hybrid and cloud environments, specifically utilizing Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE)
- Strong hands-on experience with Terraform and Helm charts for deploying identity components
- Proficient with Git, Jenkins, and containerization workflows
- Advanced scripting capabilities utilizing Python, PowerShell, or similar languages to automate repeatable IAM tasks and configurations