Senior IAM Engineer – ForgeRock
Annapolis, Anne Arundel County, Maryland, 21403, USA
Listed on 2026-06-26
IT/Tech
Cybersecurity, Systems Administrator
Senior IAM Engineer – ForgeRock Remote
Location: United States
About the role and what you’ll be doing
We are seeking a skilled ForgeRock Senior IAM Engineer to oversee the day-to-day administration, operational maintenance, and custom expansion of our Identity and Access Management platform. In this role, you will ensure high availability and optimal performance of the ForgeRock environment while actively developing custom scripts, authentication journeys, and plugins to meet evolving business needs. You will act as the bridge between core system engineering and day-to-day identity operations, maintaining platform stability and implementing custom configurations.
Key Responsibilities
Application Maintenance & Performance
- Monitor platform health across the ForgeRock software suite including Access Management (AM), Identity Management (IDM), Directory Services (DS), and Identity Gateway (IG).
- Manage system upgrades, critical security patches, and hotfix deployments with minimal disruption to business operations.
- Maintain directory integrations ensuring steady synchronization between ForgeRock components and connected enterprise systems like Active Directory, Azure AD/Entra, and HR systems.
- Optimize system capacity by tuning JVM, database connectors, and LDAP server performance to meet service level agreements (SLAs).
- Provide L3 technical support to resolve complex identity federation, single sign-on (SSO), and authentication routing incidents.
- Conduct root cause analysis on system failures, application performance drops, or certificate expirations, implementing permanent remediation steps.
- Oversee backup and disaster recovery protocols, verifying snapshot integrity for all identity data and configurations.
- Maintain technical documentation including operational standard operating procedures (SOPs), runbooks, and environment architecture diagrams.
- Build custom authentication scripts and logic plugins utilizing Java, JavaScript, or Groovy to address advanced access use cases.
- Configure authentication journeys incorporating multi‑factor authentication (MFA), risk‑based conditional access, and Zero Trust validation policies.
- Develop JSON‑based route profiles within ForgeRock Identity Gateway to enforce policy controls for legacy applications and microservice APIs.
- Automate deployment workflows using CI/CD pipelines and infrastructure‑as‑code blueprints within Docker or Kubernetes container environments.
- Experience: 6+ years of dedicated professional experience in Identity & Access Management (IAM), with at least 2+ years specialized in the ForgeRock ecosystem.
- ForgeRock Core: Proven mastery of ForgeRock AM, IDM, DS, and IG components, configuration files, and properties.
- Protocols: Deep understanding of core identity security standards including OAuth 2.0, OpenID Connect (OIDC), SAML 2.0, and LDAP.
- Languages: Proficiency writing production‑grade scripts in Groovy, JavaScript, or Java.
- Environments: Comfortable operating within Linux Server ecosystems, command‑line interfaces, and shell scripting.
- Certifications: ForgeRock Certified Access Management Specialist, Identity Management Specialist, or Ping Identity equivalent certifications.
- DevOps Skills: Hands‑on familiarity using Git version control, Jenkins, Docker, or Kubernetes clusters.
Ensono is a place to make better happen – for our clients and for your career. You can do great things through innovation or collaboration, by learning or volunteering, or to promote diversity and inclusion. You can do great things for your own health or for a healthier planet. Whatever it means to you to do great things, we want Ensono to be the place you can do it.
We are a client‑facing business, but we do encourage clients to allow us to work remotely most of the time so if you are not required to be on a client site, you can choose to work from home or in our Ensono offices.
Benefits
- Unlimited Paid Days Off
- Three health plan options
- 401k with company match
- Eligibility for dental, vision, short and long‑term disability, life and AD&D coverage, and…