Job Description

Senior SSO Implementation Engineer (8-10+ years)

You will own end-to-end SSO implementations and federation architecture for large, complex customers -- from discovery and design to delivery, automation, and operational handover. You'll act as the technical lead for SSO/IAM projects, collaborate with solution architects and product teams, and drive best practices across security, scalability, and reliability.

Key responsibilities

Architect, lead and deliver enterprise SSO/federation projects using SAML, OAuth2, OpenID Connect, WS-Federation and SCIM. Design integration patterns for cloud (SaaS) apps, legacy on-prem apps, microservices and APIs. Implement and configure IdPs/SPs (Okta, Azure AD, Ping, ForgeRock, Keycloak, OneLogin, etc.) and customize integrations when needed. Lead complex migrations (legacy SSO ? modern OIDC/OAuth or cloud IdP migrations) with zero/low downtime. Build reusable templates, automation, and runbooks for onboarding apps (SAML metadata, certificate rotation, attribute mapping, SCIM provisioning). Integrate SSO with API gateways, reverse proxies and WAFs (NGINX, HAProxy, Apigee, Kong, AWS API Gateway). Implement authentication/authorization flows for web, mobile and APIs, including OAuth2 grant types, JWT validation, token lifecycles and refresh strategies. Own certificate and PKI lifecycle management for SSO components. Develop automation (Terraform, Ansible, CloudFormation) for IaC, deployment pipelines, and environment provisioning. Troubleshoot complex auth failures, perform root cause analysis, and implement fixes; provide L2/L3 handover with documentation. Define security standards (token encryption, key rotation, session management), run threat/risk assessments and ensure compliance (SOC2, ISO27001, GDPR where applicable). Mentor junior engineers, run knowledge sessions, and perform code/config reviews. Engage with customers and presales for scoping, estimates, and technical proposals.

Must-have technical skills & experience

8-10+ years in IAM/SSO/Authentication engineering with multiple full lifecycle SSO projects. Deep, hands-on experience with SAML 2.0, OAuth2, OpenID Connect, WS-Federation and SCIM. Proven experience implementing/configuring major IdPs:

Okta, Azure AD, Ping, ForgeRock, Keycloak, OneLogin

(any 2+ in depth). Strong experience integrating SSO with SaaS (Office365, Salesforce, Google Workspace), custom web apps (.NET/Java/Node), and mobile apps. Solid programming/scripting skills:

Python

,

PowerShell

,

Java

,

C#

, or

Node.js

-- used for automation or custom adapters. Automation & IaC:

Terraform

,

Powershell, Ansible

,

CloudFormation

(production use). Cloud: architecture & implementation experience on

AWS

,

Azure

or

GCP

(at least one). Web/API security fundamentals: JWT, JWKs, OAuth token flows, CSRF, cookie/session security, TLS, cert management. Directory services and provisioning:

Active Directory

,

LDAP

. Debugging and observability: logs/traces with

Splunk/ELK

, metrics with

Prometheus/Grafana

. CI/CD:

Jenkins

,

GitLab CI

, or

GitHub Actions

. Experience with containers and orchestration:

Docker

,

Kubernetes

(deploying IdP or gateway components). Strong stakeholder management, client-facing skills, and ability to lead technical discussions.

Nice-to-have / Preferred

Hands-on with identity governance (SailPoint, Saviynt) or entitlement management. Experience with API gateways (Apigee, Kong) and service mesh patterns. Familiarity with PKI solutions and HSMs for key management. Certifications:

CISSP

,

CCSP

,

Okta Certified

,

Azure AD

/Microsoft Identity certifications,

ForgeRock

or

Ping

certs. Prior exposure to compliance audits (SOC2/ISO) and security assessment tools (Burp Suite, Nessus).
Job Type: Full-time

Benefits:

Commuter assistance Leave encashment Paid sick time Paid time off
Experience:

IAM: 5 years (Required) SSO: 5 years (Required)
Shift availability:

Night Shift (Preferred)
Work Location: In person