# Senior CIAM Architect

> Qode · New York, United States (Hybrid) · Full-time · Posted 2026-06-05

**Workplace:** hybrid

## Description

**Senior CIAM Architect (15+ Years)**

We are seeking a highly experienced Senior CIAM Architect with deep expertise in Ping Identity technologies to lead the design, engineering, integration, and support of enterprise-scale customer identity and access management platforms. This role requires strong hands-on experience across federation, authentication, directory services, security, PKI, infrastructure, and automation, with the ability to drive architecture decisions and resolve complex production issues in high-scale environments.

**Role Summary**

**Mandatory Experience**

-   15+ years in IAM/CIAM domain
-   8+ years working with Ping Identity products
-   Strong hands-on experience with:
    -   PingFederate
    -   PingDirectory
    -   PingAccess
    -   PingOne
-   Experience supporting enterprise-scale customer authentication platforms (10M+ users preferred). Experience with banking customers would be an added advantage.

**Key Responsibilities**

-   Lead the architecture, design, implementation, and support of enterprise CIAM solutions using Ping Identity products.
-   Own end-to-end solution design for customer authentication, federation, authorization, and directory integration use cases.
-   Design scalable and secure authentication platforms capable of supporting large user populations and high transaction volumes.
-   Implement and optimize SSO, MFA, OAuth, OIDC, and federation flows for enterprise and customer-facing applications.
-   Drive integration with downstream applications, identity providers, APIs, directories, and security infrastructure.
-   Lead production issue resolution for complex authentication, federation, token, certificate, and directory-related problems.
-   Collaborate with infrastructure, network, security, application, and DevOps teams to ensure resilient and secure identity services.
-   Define engineering standards, deployment patterns, operational runbooks, and best practices for CIAM platform support.
-   Provide technical leadership to engineering teams, review solution designs, and mentor junior team members.
-   Support modernization initiatives including cloud adoption, automation, and observability for identity platforms.

**Technical Skills**

**Federation & Authentication**

-   SAML 2.0
-   OAuth 2.0
-   OpenID Connect (OIDC)
-   JWT/JWS/JWE

**PingFederate Expertise**

-   End-to-end PingFederate administration
-   SSO Integration
-   Token exchange
-   Authentication Policies
-   Selectors and Adapters
-   OAuth/OIDC troubleshooting
-   Federation onboarding

**PingDirectory Expertise**

**Cloud Skills**

-   Amazon Web Services (AWS)

**Infrastructure**

-   Linux administration
-   Networking fundamentals
-   DNS
-   Load balancers
-   Reverse proxies
-   Firewall concepts

**Security & PKI Expertise (Very Important)**

Candidate must have hands-on experience with:

-   SSL/TLS certificate installation
-   Certificate renewal process
-   Keystore management
-   Truststore management
-   JKS/PKCS12 handling
-   CSR generation
-   Root and Intermediate CA chains
-   Mutual TLS (mTLS)

**DevOps & Automation**

-   CI/CD pipelines
-   Git
-   Jenkins
-   Terraform
-   Monitoring and observability

**Troubleshooting Capability**

Candidate should be able to independently troubleshoot:

-   Federation failures
-   OAuth failures
-   Token validation issues
-   LDAP connectivity issues
-   Replication failures
-   Certificate chain issues
-   Load balancer routing issues
-   Authentication latency problems
-   Production incidents

**Required Qualifications**

-   15+ years of experience in Identity and Access Management (IAM) / Customer Identity and Access Management (CIAM).
-   8+ years of strong hands-on experience with the Ping Identity product suite, especially PingFederate, PingDirectory, PingAccess, and PingOne.
-   Proven experience designing and supporting enterprise-scale customer authentication platforms; experience with 10M+ user environments is strongly preferred.
-   Strong expertise in authentication and federation standards including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and JWT technologies.
-   Deep hands-on expertise in PingFederate administration, SSO integrations, token exchange, authentication policies, selectors, adapters, and OAuth/OIDC troubleshooting.
-   Experience with PingDirectory administration, LDAP integrations, directory operations, replication, performance tuning, and troubleshooting.
-   Good understanding of PingAccess for application access control, policy enforcement, and secure application integration.
-   Strong hands-on experience with SSL/TLS certificates, certificate renewals, keystore and truststore management, JKS/PKCS12 handling, CSR generation, CA chains, and mutual TLS.
-   Solid knowledge of Linux administration, networking fundamentals, DNS, load balancers, reverse proxies, and firewall concepts.
-   Experience working in cloud environments, preferably AWS.
-   Hands-on exposure to CI/CD pipelines, Git, Jenkins, Terraform, and monitoring or observability tooling.
-   Strong troubleshooting skills across federation, OAuth, token validation, LDAP connectivity, directory replication, certificate chain issues, latency, routing, and production incidents.

**Preferred Qualifications**

-   Ping Identity certifications such as Ping Identity Certified Professional.
-   AWS certifications such as AWS Solutions Architect.
-   Experience in highly regulated, large-scale, or customer-facing enterprise environments.
-   Exposure to architecture governance, engineering leadership, and cross-functional stakeholder management.

**Key Competencies**

-   Strong ownership and leadership in driving critical identity platform initiatives.
-   Ability to translate business and security requirements into robust CIAM architecture and engineering solutions.
-   Excellent analytical and problem-solving skills for high-severity production incidents.
-   Strong verbal and written communication skills with the ability to work across technical and business stakeholders.
-   Ability to operate effectively in fast-paced, high-availability production environments.

**Preferred Certifications**

-   Ping Identity Certified Professional
-   AWS Solutions Architect

## Apply

[Apply at Qode](https://apply.workable.com/qodeworld/j/BE37036BD2/apply)

