ForgeRock IAM Engineer

Responsibilities

 

We are seeking a skilled ForgeRock IAM Engineer with strong experience in ForgeRock (PingOne Advanced Identity Cloud) to design, implement, and support secure access management solutions for a large federal environment. This role focuses on authentication, SSO, and Zero Trust security aligned with federal standards such as NIST and FedRAMP.

 

The ForgeRock AM (Access Management) Engineer is a specialized Identity and Access Management (IAM) professional responsible for designing, implementing, and maintaining secure access management solutions using the ForgeRock Identity Platform (now PingOne Advanced Identity Cloud). This role is integral to the U.S. Department of Education's Federal Student Aid (FSA) Federal IAM program — a mission-critical platform securing digital assets and managing identity for millions of students, institutions, and federal stakeholders.

 

The engineer focuses on delivering robust authentication, authorization, and Single Sign-On (SSO) strategies that align with federal security mandates including NIST SP 800-63, FICAM, FedRAMP, and Zero Trust Architecture (ZTA) principles. Working within an agile delivery environment, this role collaborates across engineering, security, architecture, and product teams to ensure the IAM platform remains secure, scalable, and compliant.

 

Key Responsibilities:

 

• Design & Architecture: Translate business and security requirements into scalable IAM technical designs using ForgeRock/PingOne components — Access Management (AM/PingAM), Identity Management (IDM/PingIDM), Directory Services (DS/PingDS), and Identity Gateway (IG/PingGateway); lead design reviews, architecture workshops, and technical documentation.
• Implementation & Integration: Install, configure, and integrate ForgeRock AM solutions with enterprise applications, cloud services (AWS, Azure, GCP), and legacy systems; develop and maintain REST API integrations and federation configurations across hybrid and multi-cloud environments.
• Authentication & Authorization: Design and implement custom authentication trees/journeys, Multi-Factor Authentication (MFA) nodes, Risk-Based Authentication (RBA), and authorization policies to enforce secure, least-privilege user access; support phishing-resistant MFA including PIV/CAC card integration aligned with NIST Authenticator Assurance Levels (AAL1/AAL2/AAL3).
• Identity Lifecycle Management: Oversee automated user provisioning, de-provisioning, and role-based access control (RBAC) and attribute-based access control (ABAC) workflows; integrate with HR systems, LDAP/Active Directory, and downstream applications to support full identity lifecycle governance.
• Zero Trust Architecture Implementation: Implement Zero Trust principles per NIST SP 800-207 and federal Executive Order mandates; deploy authentication authority and authorization engines that enforce continuous verification across hybrid, multi-cloud environments.
• Federation & SSO: Configure and maintain identity federation hubs integrating with third-party authentication sources, diverse user directories, and existing ICAM systems; enable standards-based SSO across agency boundaries and mission partner environments using SAML 2.0, OAuth 2.0, and OIDC.
• Identity Governance & Administration (IGA): Streamline access request workflows, access reviews, and Segregation of Duties (SoD) enforcement to ensure correct permissions, prevent inappropriate access, and satisfy federal audit and compliance requirements.
• Automation & Scripting: Build and maintain scripts (Java, Groovy, JavaScript, Python, or Shell) to automate routine operational tasks, optimize system performance, and support CI/CD pipeline integration for IAM configuration management.
• Troubleshooting & L3 Support: Provide Level 3 support for identity-related incidents; perform root cause analysis, resolve complex platform issues, and ensure high system availability and uptime; serve as Subject Matter Expert (SME) for production escalations.
• Compliance & Audit Support: Ensure IAM configurations meet federal regulatory requirements (FISMA, FedRAMP, NIST, FICAM, CMMC); support security audits, continuous monitoring, and audit-ready reporting; maintain alignment with DoD 8570/8140 baseline requirements where applicable.

 

Qualifications

 

Required Qualifications:

 

• Bachelors degree and 5 years of experience or 9 years of experience and a HS diploma/equivalent
• 5+ years of IAM engineering experience
• Experience working with ForgeRock AM or PingOne
• Hands-on experience with MFA, SSO, and federation solutions
• Experience working in agile environments
• ForgeRock/Ping: AM, IDM, DS, IG (or equivalents)
• IAM Protocols: SAML 2.0, OAuth 2.0, OpenID Connect, JWT, LDAP, Kerberos, SCIM
• Programming/Scripting: Java, Groovy, JavaScript, Python, or Shell
• Directory Services: LDAP, Active Directory, Azure AD (Entra ID)
• Cloud/DevOps: AWS, Azure, or GCP; Docker, Kubernetes, CI/CD, Git
• Security: MFA, PKI, RBAC/ABAC, Zero Trust principles
• Compliance: Familiarity with NIST 800-63, NIST 800-207, FedRAMP, FISMA
• U.S. Citizenship required
• Ability to obtain and maintain the required agency clearance

 

Preferred Qualifications:

 

• Experience with IAM/IGA tools such as SailPoint, Saviynt, Okta, or CyberArk
• Familiarity with PingFederate, PingAccess, or PingDirectory
• Experience with PIV/CAC authentication and phishing-resistant MFA
• SIEM integration and IAM monitoring experience
• Prior federal government IAM experience (DoD, DHS, etc.)
• Knowledge of post-quantum cryptography concepts
• Agile/SAFe experience

 

Certifications (Preferred):

 

• ForgeRock or Ping Identity certifications
• CISSP, CISM, or CompTIA Security+
• AWS or Azure security certifications

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.