Senior IAM Architect

Senior IAM Architect

USA - Remote

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. We call this digital freedom. And it's not just something we provide our customers. It's something that inspires our company. People don't come here to join a culture that's built on digital freedom. They come to cultivate it.

Our intelligent, cloud identity platform lets people shop, work, bank, and interact wherever and however they want. Without friction. Without fear.

While protecting digital identities is at the core of our technology, protecting individual identities is at the core of our culture. We champion every identity. One of our core values, Respect Individuality, reminds us to celebrate differences so you are empowered to bring your authentic self to work.

We're headquartered in Denver, Colorado and we have offices and employees around the globe. We serve the largest, most demanding enterprises worldwide, including more than half of the Fortune 100. At Ping Identity, we're changing the way people and businesses think about cybersecurity, digital experiences, and identity and access management.

As a Senior IAM Architect on Ping's Corporate IT Systems Administration team, you will lead the company's internal IAM practice across both workforce and customer identity environments. This is a senior, hands-on role for someone who can design, implement, operate, troubleshoot, and continuously improve identity capabilities for Ping as the customer.

This person will serve as the internal owner of Ping's IAM architecture, role model, and operational direction, helping ensure the environment is secure, functional, scalable, and maintainable while partnering closely with internal product teams and business stakeholders to evaluate and adopt new Ping capabilities over time.

Responsibilities

• Lead the architecture, roadmap, and day-to-day maturity of Ping's internal IAM practice across WIAM, CIAM, authentication, authorization, federation, lifecycle management, and governance.
• Own the design, implementation, operation, and continuous improvement of Ping's internal identity platforms and supporting processes, with responsibility for keeping the environment secure, functional, and maintainable.
• Act as the internal owner of Ping's role model, access model, and identity architecture, ensuring business requirements are translated into scalable technical controls and usable identity services.
• Partner with internal product teams to evaluate, pilot, and adopt new Ping products and acquired capabilities in Ping's corporate and CIAM environments.
• Work closely with IT, Security, HR, Engineering, Product, and other business stakeholders to define identity requirements, improve processes, and align IAM capabilities to real business needs.
• Lead role engineering efforts by analyzing business requirements, defining roles and permissions in functional business terms, and ensuring system privileges map correctly to approved access models.
• Drive strong operational execution for SSO, MFA, federation, provisioning, deprovisioning, role assignment, access reviews, and exception handling across internal and customer-facing systems.
• Troubleshoot complex authentication, authorization, provisioning, and access issues across applications, directories, workflows, and connected systems.
• Maintain and improve standards, procedures, controls, reporting, and documentation for IAM operations, including actual-state versus desired-state validation, access reviews, and change governance.
• Maintain a lab and test environment to validate new integrations, prototype new capabilities, and safely trial new Ping products and patterns before production rollout.
• Serve as Ping's internal IAM thought leader and provide practical product feedback based on real enterprise use cases from Ping's WIAM and CIAM environments.

Required Skills & Qualifications

• 8+ years of experience in Identity and Access Management, including significant experience designing, implementing, and operating both WIAM and CIAM environments.
• Proven experience owning complex IAM platforms from architecture through operations in enterprise environments.
• Experience building and maintaining DaVinci flows for WIAM and CIAM use cases.
• Strong hands-on experience with Ping Identity products in production environments; including PingOne SSO, PingID, PingOne MFA, PingOne Protect, PingFederate.
• Strong expertise with modern identity standards and protocols such as SAML, OAuth, OpenID Connect, SCIM, LDAP, and REST-based integrations.
• Strong hands-on troubleshooting skills across authentication, federation, access, and provisioning flows, including the ability to diagnose issues across browsers, applications, logs, and connected systems.
• Experience defining and maintaining roles, permissions, and access models in business terms while ensuring accurate implementation in technical systems and application authorization structures.
• Strong understanding of identity lifecycle processes, including joiner/mover/leaver workflows, access requests, approvals, exception handling, access removal, and periodic review.
• Experience implementing IAM controls, reporting, and governance processes that improve auditability, risk management, and operational integrity.
• Working knowledge of identity-related infrastructure and supporting technologies such as directory services, PKI/certificates, networking, system administration, and application integrations.
• Strong written and verbal communication skills with the ability to partner effectively across technical teams, business stakeholders, and leadership.
• Demonstrated ability to operate independently, drive change, and bring structure to a fast-moving and evolving environment.
• Bachelor's degree in Computer Science, Information Systems, Engineering, or a related field, or equivalent practical experience.

Desired Candidate Skills

• Strong hands-on experience with Ping Identity products in production environments.
• Expertise designing, implementing, and maintaining DaVinci Product flows.
• Familiarity with PingOne Architecture and the broader Ping platform ecosystem.
• Experience with PingOne SSO, PingID, PingOne MFA, PingOne Protect, PingOne Authorize, PingFederate, PingAccess, PingDirectory, and related Ping technologies.
• Experience serving as an internal platform owner who can evaluate new capabilities, form a point of view on the right architecture for the business, and drive adoption of new identity capabilities over time.
• Experience maintaining lab environments, testing new integrations, and validating new identity patterns before production deployment.
• Strong understanding of access controls, segregation of duties, least privilege, and policy-driven authorization models.
• Experience with change management, release management, and integrating IAM work into broader IT and security operating processes.
• Experience with DevOps and platform engineering practices such as Terraform, CI/CD, API integration, and cloud-native deployment models.
• Ability to represent Ping internally as the enterprise customer and translate that experience into better architecture, better operational outcomes, and stronger adoption of Ping technology.

Salary Range: $137,000 - $180,000

We believe in and facilitate a flexible, collaborative work environment. We're growing quickly, but remain true to the innovative, can-do startup values that got us here. Most importantly, we keep hiring talented, smart, fun, and genuinely nice people because that's who we want to succeed with every day.

Here are just a few of the things that make Ping special:

• A company culture that empowers you to do your best work.
• Employee Resource Groups that create a sense of belonging for everyone.
• Regular company and team bonding events.
• Competitive benefits and perks.
• Global volunteering and community initiatives

Our Benefits:

• Generous PTO & Holiday Schedule
• Parental Leave
• Progressive Healthcare Options
• Retirement Programs
• Opportunity for Education Reimbursement
• Commuter Offset (Specific locations)

Ping is the collective sum of all our individual experiences, backgrounds and influences and we pride ourselves in growing and learning together. We are committed to building an inclusive and diverse environment where everyone's individuality is respected and everyone has an Identity. In recruiting for new colleagues, we welcome the unique contributions you can bring and encourage you to be your best self.

We are an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.