ForgeRock Federation Engineer

ForgeRock Federation EngineerJob Locations: USResponsibilitiesWe are seeking a skilled ForgeRock Federation Engineer to support the design, implementation, and maintenance of secure identity federation solutions within a large federal IAM environment. This role focuses on enabling secure authentication and authorization data exchange across enterprise, cloud, and partner systems using the ForgeRock (PingOne Advanced Identity Cloud) platform, while ensuring compliance with federal security standards.Key Responsibilities:Configure and manage identity federation and SSO using SAML 2.0, OAuth 2.0, and OIDCEstablish and maintain IdP/SP trust relationships across enterprise and cloud systemsDesign and implement ForgeRock components (AM, IDM, DS, IG) for scalable IAM solutionsDevelop authentication journeys supporting MFA, adaptive access, and Zero Trust policiesIntegrate with directory services (LDAP, Active Directory, Azure AD / Entra ID)Enable application and API integrations using REST, SCIM, and federation protocolsDevelop custom authentication nodes and scripts (Java, Groovy, JavaScript)Support platform upgrades, patching, and DevOps automation (Docker, Kubernetes, CI/CD)Ensure compliance with federal standards (NIST, FISMA, FedRAMP)Troubleshoot complex federation and integration issues (L3 support)Collaborate within agile teams for delivery and continuous improvementQualificationsRequired Qualifications:Bachelor's degree and 5 years of experience or 9 years with a HS diploma/equivalent5 years of IAM engineering experienceExperience with ForgeRock or PingOne platformExperience implementing federation and SSO solutionsExperience working in agile environmentsFederation Protocols: SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), JWT, PKCE, mTLS experienceForgeRock/Ping: AM, IDM, DS, IG configuration and administration experienceDirectory Services: LDAP, Active Directory, Azure AD (Entra ID) experienceExperience in Java, Groovy, JavaScript; REST API integrationDevOps: Docker, Kubernetes, CI/CD tools (Jenkins, GitLab CI), Git experienceFamiliarity with AWS, Azure, or GCPSecurity: MFA, RBAC/ABAC, Zero Trust principlesU.S. Citizenship requiredAbility to obtain and maintain the required agency clearancePreferred Qualifications:Experience with Okta, SailPoint, CyberArk, or IBM Security VerifyFamiliarity with PingFederate, PingAccess, or PingDirectoryExperience with CIAM (Customer Identity and Access Management)Knowledge of identity analytics or AI-driven IAM toolsPrior federal IAM program experience (DoD, DHS, FSA, etc.)Familiarity with NIST, FISMA, and FedRAMP complianceCertifications (Preferred):ForgeRock or Ping Identity certificationsCISSP or Certified Identity and Access Manager (CIAM)CompTIA Security+Target Salary Range$80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.EEOEEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.#J-18808-Ljbffr

Government Careers

Show more