ForgeRock Federation Engineer

Forge Rock Federation Engineer

Job Location s: US

We are seeking a skilled Forge Rock Federation Engineer to support the design, implementation, and maintenance of secure identity federation solutions within a large federal IAM environment. This role focuses on enabling secure authentication and authorization data exchange across enterprise, cloud, and partner systems using the Forge Rock (Ping One Advanced Identity Cloud) platform, while ensuring compliance with federal security standards.

Key Responsibilities:

• Configure and manage identity federation and SSO using SAML 2.0, OAuth 2.0, and OIDC
• Establish and maintain IdP/SP trust relationships across enterprise and cloud systems
• Design and implement Forge Rock components (AM, IDM, DS, IG) for scalable IAM solutions
• Develop authentication journeys supporting MFA, adaptive access, and Zero Trust policies
• Integrate with directory services (LDAP, Active Directory, Azure AD / Entra )
• Enable application and API integrations using REST, SCIM, and federation protocols
• Develop custom authentication nodes and scripts (Java, Groovy, JavaScript)
• Support platform upgrades, patching, and Dev Ops automation (Docker, Kubernetes, CI/CD)
• Ensure compliance with federal standards (NIST, FISMA, FedRAMP)
• Troubleshoot complex federation and integration issues (L3 support)
• Collaborate within agile teams for delivery and continuous improvement

Required Qualifications:

• Bachelor's degree and 5 years of experience or 9 years with a HS diploma/equivalent
• 5 years of IAM engineering experience
• Experience with Forge Rock or Ping One platform
• Experience implementing federation and SSO solutions
• Experience working in agile environments
• Federation Protocols: SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), JWT, PKCE, mTLS experience
• Forge Rock/Ping: AM, IDM, DS, IG configuration and administration experience
• Directory Services: LDAP, Active Directory, Azure AD (Entra ) experience
• Experience in Java, Groovy, JavaScript; REST API integration
• Dev Ops:
  Docker, Kubernetes, CI/CD tools (Jenkins, Git Lab CI), Git experience
• Familiarity with AWS, Azure, or GCP
• Security: MFA, RBAC/ABAC, Zero Trust principles
• U.S. Citizenship required
• Ability to obtain and maintain the required agency clearance

Preferred Qualifications:

• Experience with Okta, SailPoint, Cyber Ark, or IBM Security Verify
• Familiarity with Ping Federate, Ping Access, or Ping Directory
• Experience with CIAM (Customer Identity and Access Management)
• Knowledge of identity analytics or AI-driven IAM tools
• Prior federal IAM program experience (DoD, DHS, FSA, etc.)
• Familiarity with NIST, FISMA, and FedRAMP compliance

Certifications (Preferred):

• Forge Rock or Ping Identity certifications
• CISSP or Certified Identity and Access Manager (CIAM)
• CompTIA Security+

$80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO:
Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.