Role: ForgeRock Identity Engineer / Architect
Location: VA, NJ, TX, Atlanta, Colorado, Tampa
About the Role
Join a high-impact POD building a self-service federated SSO platform. You’ll be the hands-on ForgeRock expert designing and engineering a scalable identity broker integrating with Okta, Microsoft Entra ID, PingIdentity, and more. This is a build-from-scratch, code-heavy role—not admin/config.
Key Responsibilities
- Design multi-tenant ForgeRock AM federation architecture
- Build REST APIs for programmatic SAML SP connection lifecycle (create/validate/activate)
- Implement SAML/OIDC flows, assertion validation, and secure session management across apps
- Develop scripted authentication (Groovy/JS) and automate certificate lifecycle (monitoring & rotation)
- Enable break-glass fallback, ensure high availability, and prepare SCIM-ready architecture
- Migrate existing manual SP connections to automated framework
Must Have
- 4+ years hands-on ForgeRock Access Manager (AM)
- Strong SAML 2.0 (debugging raw assertions), OIDC/OAuth 2.0
- Experience with ForgeRock REST APIs, scripted nodes, and keystore/X.509 management
- API design & integrations, LDAP, secrets management (AWS/Vault)
- Coding: Java/Groovy + CI/CD, API testing, SAML debugging tools
Nice to Have
- ForgeRock IDM, SCIM 2.0, cloud (AWS/Azure/GCP)
- Experience with Okta / Entra / Ping as IDP
- Migration of manual SP setups to programmatic model
Why This Role?
You’ll define the identity architecture powering hundreds of future customers—owning critical decisions, building automation, and solving complex, real-world federation challenges.
Other open roles at Qode(6)
Qode is your AI recruiting engine, built to eliminate grunt work, surface top candidates instantly, and scale hiring without scaling your team.
Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.