ForgeRock Identity Gateway; IG​/PingGateway, Engineer

Responsibilities

We are seeking a Forge Rock Identity Gateway (IG)/Ping Gateway, Engineer to support a federal Identity and Access Management (IAM) program for the U.S. Department of Education Federal Student Aid (FSA). This role is responsible for designing and operating identity-aware reverse proxy and gateway solutions that secure applications, APIs, and microservices across a Zero Trust architecture.

Key responsibilities include serving as a key Policy Enforcement Point (PEP) architect, ensuring consistent identity and access control enforcement across legacy, cloud, and hybrid systems in alignment with federal security standards such as NIST, FICAM, FedRAMP, and Zero Trust principles.

• Design, configure, and maintain Ping Gateway (Forge Rock IG) as an identity-aware reverse proxy
• Manage HTTP/S traffic routing, TLS termination, and load balancer integrations
• Enforce identity and access policies at the network edge

• Develop and maintain JSON-based route configurations and gateway policies
• Implement filters, handlers, and scripts for request/response transformation
• Support credential replay, token injections, and header manipulation for legacy apps

• Secure APIs using Ping Gateway microgateway capabilities
• Implement OAuth 2.0 resource server patterns and token validation
• Integrate with external authorization systems (e.g., Ping Authorize)

• Implement SSO, MFA, and federated identity flows
• Configure OAuth 2.0, OpenID Connect (OIDC), and SAML integrations
• Support migration of legacy identity protocols to Ping One Advanced Identity Cloud

• Implement gateway-based Policy Enforcement Points (PEP) within a Zero Trust architecture
• Enforce adaptive authentication and risk-based access controls

• Develop Groovy and JavaScript scripts for custom gateway behavior
• Build custom authentication, token handling, and audit logging logic

• Configure logging, metrics, and audit trails for gateway traffic
• Integrate with enterprise SIEM and monitoring tools (e.g., Prometheus, Open Telemetry)

• Deploy Ping Gateway in Docker and Kubernetes environments
• Support CI/CD pipelines and infrastructure-as-code practices
• Work with hardened container environments for federal systems

• Integrate Ping Gateway with Forge Rock components (AM, IDM, DS)
• Support identity flows across hybrid and cloud environments

• Provide L3 support for production incidents
• Perform root cause analysis and resolve complex identity and routing issues
• Ensure high availability and performance of gateway services

• Ensure compliance with FISMA, FedRAMP, NIST, and federal IAM standards
• Support audits, security assessments, and continuous monitoring requirements
• Participate in design reviews and agile ceremonies

Required Qualifications:

• Bachelor's degree and 5 years of experience or 9 years with a HS diploma/equivalent
• 5+ years in Identity and Access Management (IAM)
• Hands-on experience with Forge Rock IG / Ping Gateway or similar API gateway/IAM reverse proxy solutions
• Experience in enterprise or federal environments
• Experience working in Agile/Scrum teams
• Forge Rock IG / Ping Gateway (route configuration, scripting, policy design) experience
• Familiarity in OAuth 2.0, OpenID Connect, SAML 2.0, JWT, LDAP
• Groovy and JavaScript scripting experience
• Experience in REST APIs and microservices security
• Familiarity in Kubernetes, Docker, and CI/CD pipelines
• LDAP/Active Directory integration experience
• Understanding of Zero Trust architecture (NIST SP 800-207)
• Familiarity with cloud platforms (AWS, Azure, or GCP)
• U.S. Citizenship required
• Must be able to obtain and maintain the required agency clearance

Preferred Qualifications:

• Forge Rock or Ping Identity certifications
• CISSP, Security+, or similar cybersecurity certifications
• Experience with Ping Authorize or externalized authorization models
• Experience with federal IAM programs (FSA, DHS, DoD, etc.)
• Knowledge of observability tools (Prometheus, Open Telemetry)
• Experience with SailPoint, Okta, or Cyber Ark
• Familiarity with advanced security topics (mTLS, FAPI, PKI, or post-quantum crypto)
• Agile/SAFe certifications

$80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.