Security Engineer, Identity and Access Management (IAM) - PING FEDERATE

NRECA is a unique national trade association providing advocacy, financial services, and business support services to over 900 consumer-owned electric cooperatives across the country. NRECA employees are united by our mission, inclusive culture, collaborative workplace, and commitment to service excellence. As a "best place to work" employer, we operate with integrity, transparency, and a spirit of innovation.

The IAM Engineer supports Identity and Access Management (IAM) tools, enhances processes, and improves policies related to user access and identity management. This role is responsible for delivering enterprise-wide Identity, Access, Directory, and Authentication Services with capabilities to support Cloud and On-Prem Application services. THIS IS A HYBRID POSITION LOCATED IN ARLINGTON, VA.

• Provide technical leadership to a team of engineers to ensure successful delivery of IDP and IAM projects.
• Maintain strong knowledge of modern authentication standards, protocols, and frameworks: LDAP, SAML, OAUTH2, OIDC, FIDO2, Kerberos, SCIM, WS-Federation, JWT.
• Implement and manage SSO integration for SaaS-based and private applications using PingFederate, PingAccess, Okta, Azure AD, AWS IAM Identity Center.
• Design, implement, and maintain identity and access management solutions using Okta, Ping, Azure AD, OAuth, OIDC, SAML, Header-based authentication, SiteMinder, LDAP, SCIM, e-directory, and other relevant technologies.
• Serve as a subject matter expert on authentication services, providing guidance and technical leadership to team members.
• Evaluate and recommend new IDP and IAM technologies to meet business needs.
• Ensure compliance with security standards and policies.
• Implement automation to streamline identity management processes.
• Troubleshoot and resolve identity and access management issues.
• Foster a culture of automation and innovation, developing and supporting new methods, products, procedures, or technologies.
• Manage application credentials and user access policies.
• Troubleshoot MFA and Single Sign-On issues with Ping and Azure AD.
• Assist application teams through the SDLC process for integrating applications/systems with IAM solutions.

• 8+ years in a technical role such as security, network, systems, or software engineering, with at least 5 years focused on IAM.
• 8+ years engineering IAM solutions in AWS, Azure, or large-scale IDP implementations (e.g., Okta, Ping).
• Experience with SSO domains, realms, rules, responses, policies, and federation using SAML, OAuth, OIDC, APIs, with automation of provisioning and deprovisioning.
• Proficiency with SAML, OpenID Connect, OAuth, passwordless authentication, MFA.
• Understanding of LDAP, Virtual Directory Services, Directory Services, and Active Directory.
• Experience at an Architecture Senior Engineering level, designing and deploying complex enterprise systems.

Bachelor's Degree in Computer Science, Information Systems, or related field. Master's preferred.

• Experience with standard authentication protocols: OAuth, OAuth2, OIDC, WS-Fed, WS-Trust, SAML, LDAP, SCIM.

• Close visual acuity for data analysis, reading, and computer work.
• Ability to exert up to 20 pounds of force occasionally, and/or 10 pounds frequently; primarily sedentary work.

This job description reflects essential functions but does not restrict other tasks that may be assigned. NRECA is committed to diversity and equal opportunity employment. Reasonable accommodations are available upon request. For inquiries, contact humanresources@nreca.coop or call 703-907-5992 (Arlington) or 402-483-9275 (Lincoln, NE). For more about life at NRECA, visit www.Electric.coop.