Overview

Role Title: IAM Security Engineer
Location: London (3 Days per Week Onsite)
Duration: Until end of Year Initially
Rate: £505p/d via Umbrella

Responsibilities

• Join us as a senior software security engineer for CIAM to bring to life a new digital platform capability and modernise our digital estate to build a market-leading digital offering with customer experience at its heart.
• Partner with business-aligned engineering and product teams to ensure a collaborative team culture is at the heart of delivery.
• Design and implement IAM solutions with a broad range of tooling, products, protocols, taxonomy, identity management, authentication, authorization and identity federation.
• Develop extensible IAM APIs for seamless integration with external and internal applications, including hands-on coding in JavaScript or Java.
• Implement Ping Identity solutions (PingGateway, PingAM, PingIDM, PingDS) and develop PingGateway scripted routes and PingAM authentication trees, including integration with threat sensors and adaptive / step-up authentication.
• Configure and manage data links between internal and external sources (LDAPS, JDBC, SOAP, HTTPS, and other data sources) as part of IAM implementations.

Qualifications

• Strong hands-on IAM engineer background with broad expertise across the IAM domain, including tooling, products, protocols, taxonomy, identity management, authentication, authorization and identity federation.
• Expertise with single sign-on, OAuth2, OIDC, PKI, PSD2 SCA knowledge and possession-based authentication. Experience with ForgeRock development and PingGateway, PingAM, PingIDM and PingDS; including JavaScript coding of PingGateway scripted routes and PingAM authentication trees.
• Strong hands-on coding across either JavaScript or Java; ability to design extensible IAM APIs for seamless integration with external and internal applications.
• Experience implementing PingAM custom authentication trees, including downstream API integration with threat sensors (e.g., ThreatMetrix, BioCatch), adaptive authentication and step-up authentication, and data links between internal and external sources (LDAPS, JDBC, SOAP, HTTPS).
• Desirable: experience implementing PingGateway SSO routes, dynamic proxies and filter chains, or PingIDM data links; ability to collaborate with security, product, engineering and compliance teams to embed identity-first principles into the DevSecOps lifecycle.

Other

You may be assessed on key critical skills relevant for success in the role, such as risk and controls, change and transformation, business acumen, strategic thinking and digital and technology, as well as job-specific technical skills.