PingFederate Consultant
•Today
| Verified Pay check_circle | Provided by the employer$50.00 to $90.00 per hour |
|---|---|
| Hours | Full-time |
| Location | El Cajon, California |
About this job
Job Description
Job Description
Senior IAM / Ping SSO Engineer
Location: Remote
Employment Type: Contract
Level: Senior
LHH is seeking a Senior IAM / Ping SSO Engineer for a remote contract opportunity. This role will support enterprise identity, SSO, and federation initiatives with a strong focus on the Ping Identity stack.
The ideal candidate will have deep hands-on experience with PingFederate and PingAccess, strong SAML/OAuth/OIDC implementation experience, and the ability to provide L3 production support in a Ping-based SSO environment.
Responsibilities
Design, implement, and support enterprise SSO and federation using PingFederate, PingAccess, PingOne, and/or PingDirectory
Configure SAML 2.0, OAuth 2.0, and OIDC integrations for enterprise and SaaS applications within the Ping stack
Onboard applications end-to-end, including IdP/SP connections, attribute mapping, policy contracts, and certificate lifecycle management
Administer OAuth 2.0 authorization servers, access token policies, scopes, and claims for API and microservice access
Deploy and support Ping infrastructure in AWS, including EC2, load balancers, Route 53, and HA/DR configurations
Provide L3 support for SSO incidents, including SAML failures, token validation issues, certificate issues, and related federation problems
Integrate Ping solutions with Active Directory, Entra ID, and LDAP directories
Automate Ping deployments and configurations using Terraform, Ansible, Python, Bash, or similar tools
Support MFA and passwordless authentication initiatives using PingID, FIDO2, or related technologies
Lead or support migrations from legacy IAM platforms such as SiteMinder or OpenAM to Ping Identity
Required Qualifications
7+ years of IAM, SSO, federation, or identity engineering experience
5+ years of hands-on PingFederate experience, including IdP/SP configuration, adapters, and authentication policies
Hands-on PingAccess experience, including policy configuration, reverse proxy, and token mediation
Experience with PingOne and/or PingDirectory, including directory integration or cloud identity services
Strong experience implementing SAML 2.0, OAuth 2.0, and OIDC in a Ping environment
L3 or production support experience in a Ping-based SSO environment
Experience onboarding applications into enterprise SSO environments
Experience with attribute mapping, policy contracts, token policies, scopes, claims, and certificate lifecycle management
Experience integrating Ping with Active Directory, Entra ID, and/or LDAP
Strong troubleshooting skills and ability to resolve complex SSO, federation, and authentication issues
Nice to Have
Okta administration experience
CyberArk or PAM integration experience
Auth0, PingOne AIC, or ForgeRock experience
AWS IAM infrastructure deployment experience
Terraform experience
Kubernetes or Helm experience for Ping deployments
CIAM experience
Scripting or automation experience with Python, Bash, Ansible, or similar tools
Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable local, state, and federal law, including the Los Angeles County Fair Chance Ordinance for Employers, the City of Los Angeles Fair Chance Initiative for Hiring Ordinance, and the California Fair Chance Act, where applicable.
Pay Details: $50.00 to $90.00 per hour
Search managed by: Evan Blakey
Benefit offerings available for our associates include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, EAP program, commuter benefits and a 401K plan. Our benefit offerings provide employees the flexibility to choose the type of coverage that meets their individual needs. In addition, our associates may be eligible for paid leave including Paid Sick Leave or any other paid leave required by Federal, State, or local law, as well as Holiday pay where applicable.
Equal Opportunity Employer/Veterans/Disabled
Military connected talent encouraged to apply
To read our Candidate Privacy Information Statement, which explains how we will use your information, please navigate to https://www.lhh.com/us/en/candidate-privacy
The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable:
Location: Remote
Employment Type: Contract
Level: Senior
LHH is seeking a Senior IAM / Ping SSO Engineer for a remote contract opportunity. This role will support enterprise identity, SSO, and federation initiatives with a strong focus on the Ping Identity stack.
The ideal candidate will have deep hands-on experience with PingFederate and PingAccess, strong SAML/OAuth/OIDC implementation experience, and the ability to provide L3 production support in a Ping-based SSO environment.
Responsibilities
Design, implement, and support enterprise SSO and federation using PingFederate, PingAccess, PingOne, and/or PingDirectory
Configure SAML 2.0, OAuth 2.0, and OIDC integrations for enterprise and SaaS applications within the Ping stack
Onboard applications end-to-end, including IdP/SP connections, attribute mapping, policy contracts, and certificate lifecycle management
Administer OAuth 2.0 authorization servers, access token policies, scopes, and claims for API and microservice access
Deploy and support Ping infrastructure in AWS, including EC2, load balancers, Route 53, and HA/DR configurations
Provide L3 support for SSO incidents, including SAML failures, token validation issues, certificate issues, and related federation problems
Integrate Ping solutions with Active Directory, Entra ID, and LDAP directories
Automate Ping deployments and configurations using Terraform, Ansible, Python, Bash, or similar tools
Support MFA and passwordless authentication initiatives using PingID, FIDO2, or related technologies
Lead or support migrations from legacy IAM platforms such as SiteMinder or OpenAM to Ping Identity
Required Qualifications
7+ years of IAM, SSO, federation, or identity engineering experience
5+ years of hands-on PingFederate experience, including IdP/SP configuration, adapters, and authentication policies
Hands-on PingAccess experience, including policy configuration, reverse proxy, and token mediation
Experience with PingOne and/or PingDirectory, including directory integration or cloud identity services
Strong experience implementing SAML 2.0, OAuth 2.0, and OIDC in a Ping environment
L3 or production support experience in a Ping-based SSO environment
Experience onboarding applications into enterprise SSO environments
Experience with attribute mapping, policy contracts, token policies, scopes, claims, and certificate lifecycle management
Experience integrating Ping with Active Directory, Entra ID, and/or LDAP
Strong troubleshooting skills and ability to resolve complex SSO, federation, and authentication issues
Nice to Have
Okta administration experience
CyberArk or PAM integration experience
Auth0, PingOne AIC, or ForgeRock experience
AWS IAM infrastructure deployment experience
Terraform experience
Kubernetes or Helm experience for Ping deployments
CIAM experience
Scripting or automation experience with Python, Bash, Ansible, or similar tools
Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable local, state, and federal law, including the Los Angeles County Fair Chance Ordinance for Employers, the City of Los Angeles Fair Chance Initiative for Hiring Ordinance, and the California Fair Chance Act, where applicable.
Pay Details: $50.00 to $90.00 per hour
Search managed by: Evan Blakey
Benefit offerings available for our associates include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, EAP program, commuter benefits and a 401K plan. Our benefit offerings provide employees the flexibility to choose the type of coverage that meets their individual needs. In addition, our associates may be eligible for paid leave including Paid Sick Leave or any other paid leave required by Federal, State, or local law, as well as Holiday pay where applicable.
Equal Opportunity Employer/Veterans/Disabled
Military connected talent encouraged to apply
To read our Candidate Privacy Information Statement, which explains how we will use your information, please navigate to https://www.lhh.com/us/en/candidate-privacy
The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable:
- The California Fair Chance Act
- Los Angeles City Fair Chance Ordinance
- Los Angeles County Fair Chance Ordinance for Employers
- San Francisco Fair Chance Ordinance
Nearby locations
Nearby Job Titles
Insurance Sales Agent Jobs Radiologic Technologist Jobs Personal Care Aide Jobs Data Entry Jobs Retail Salesperson JobsNearby Locations
San Diego, CA Jobs Chula Vista, CA Jobs El Cajon, CA Jobs La Mesa, CA Jobs California JobsNearby Companies
ApexFocusGroup Jobs Care.com Jobs Free Cash by Almedia Jobs U.S. Navy Jobs Great Clips JobsNearby Categories
Full-time Jobs Part-time Jobs Gig Jobs Posting ID: 1271556882 Posted: 2026-06-24 Job Title: Pingfederate Consultant
Your Privacy Choices