ForgeRock Identity and Access Management Engineer

Position is bonus eligible.

Prestigious Financial Institution is currently seeking a Senior Identity and Access Management Engineer with strong ForgeRock experience. The candidate will be responsible for access control and all associated programs, including ForgeRock, SailPoint, and Duo. This role emphasizes integrating internal applications with the ForgeRock Identity suite using OAuth methodologies and custom scopes, coordinating with application development teams and enterprise architecture. Team members collaborate daily on IAM system design and implementation, as well as operational and customer support related to Identity and Access functions. They also assist in evaluating and enhancing our compliance posture, control execution, process efficiency, and evidence gathering for audits.

• Perform primary duties satisfactorily as outlined.
• Administer and configure IAM products, focusing on ForgeRock Identity products.
• Develop custom integrations, workflows, and rules using Agile methodologies.
• Plan, implement, enforce, and review security policies, procedures, and controls specific to Identity Access Management.
• Process access requests and issue tickets for internal and external customers.
• Lead troubleshooting and resolution of system issues impacting enterprise production.
• Manage project phases from design to deployment.
• Report on controls, gather evidence, and ensure control execution.
• Collaborate across IT and Business departments to implement technical solutions.
• Monitor, evaluate, and maintain systems to enforce best practices for user access and control under limited supervision.
• Research and recommend system and procedural changes to improve security.
• Communicate security policies and procedures to users.
• Assist customers with multi-platform security access issues and requests.
• Identify or develop tools to monitor and manage risk.
• Support management with special projects and other duties as assigned.

• Proven ability to perform responsibilities listed, with reasonable accommodations for disabilities.
• Experience with control reporting, evidence gathering, and control execution.
• Ability to work collaboratively across departments to implement solutions.
• Ability to monitor and maintain systems to enforce access controls and security best practices.
• Experience researching and implementing security enhancements.
• Ability to communicate security policies effectively.
• Support customers with multi-platform access issues.
• Develop and identify tools to monitor and mitigate risks.
• Support management with projects and other tasks.
• Proficiency with Microsoft Active Directory and LDAP.
• Experience in highly regulated environments using security frameworks like NIST or COBIT.
• Experience supporting ForgeRock Identity Platform components.
• Knowledge of Multi-Factor Authentication protocols and systems (e.g., Entrust, Duo).
• Knowledge of Single Sign-On protocols and systems (e.g., OIDC, OAuth2.0, SAML, Okta, Ping).
• Development skills in Java, Javascript, Groovy, Python, and shell scripting.
• Understanding of Encryption and Network protocols (SSL, IPV4, HTTP).
• Basic Linux and Windows server administration knowledge.
• Familiarity with Amazon Web Services (AWS).
• Understanding of IT audit controls, risk ranking, and remediation.
• Preferred: SailPoint Identity IQ administration, E-GRC/Archer, ServiceNow, Mainframe architecture, CA-ACF2, Directory services.
• Bachelor’s degree in related field or equivalent experience.
• 7+ years of IAM experience preferred.
• Industry certifications such as CISSP, ITIL are advantageous.