Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : ForgeRock Identity Management
Good to have skills : ForgeRock Access Management
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary
As a Lead ForgeRock Engineer, you will serve as the Subject Matter Expert (SME) for our global Identity and Access Management platform. You will be responsible for the a high-level orchestration, and security governance of the ForgeRock stack (AM, IDM, DS, IG). You will bridge the gap between business requirements and technical execution, leading a team of junior and mid-level administrators

Key Responsibilities
1. Platform Administration & Health
Maintenance: Perform system upgrades, patches, and version migrations for PingAM, PingIDM, and PingDS.
Monitoring: Use tools like Splunk, ELK, or Prometheus to monitor system health, log rotation, and performance bottlenecks.
Directory Management: Manage LDAP schemas, indexes, and replication in Directory Services (DS) to ensure data consistency.

2. Identity Lifecycle & Integration
App Onboarding: Configure SAML 2.0, OIDC, and OAuth2 integrations to enable Single Sign-On (SSO) for new applications.
Provisioning: Build and manage reconciliation/sync jobs in IDM to automate user onboarding and offboarding from HR systems (like Workday) to Active Directory.
Policy Enforcement: Create and maintain authorization policies and Authentication Trees (Journeys) to enforce MFA and adaptive risk-based security.

3. Security & Compliance
Governance: Implement Role-Based Access Control (RBAC) and ensure the principle of least privilege is followed.
Auditing: Generate reports for compliance (SOX, GDPR, HIPAA) showing who has access to what and when.
Incident Response: Troubleshoot login failures, session timeouts, and synchronization errors.

4. Modern DevOps Tasks
Automation: Use Groovy or JavaScript to write custom scripts for authentication nodes or IDM triggers.
IaC: Manage environment configurations using Terraform or Ansible and deploy via CI/CD pipelines.where applicable).

5.Governance, Security & Mentorship
Compliance: Ensure the platform meets global standards (GDPR, SOX, HIPAA) through robust audit logging and automated access reviews.
Mentorship: Lead a team of 3 5 IAM engineers, providing code reviews, technical guidance, and certification support

Professional & Technical Skills
ForgeRock & CIAM :- Deep knowledge of AM (Access), IDM (Identity), DS (Directory), and IG (Gateway).
Identity & Security :-
1. OAuth 2.0
2. OpenID Connect (OIDC)
3. SAML 2.0
4. JWT, REST APIs
5. LDAP / directory services

Scripting :-
1. Java, JavaScript / Groovy (ForgeRock scripting)
2. API security patterns
3. Linux / Unix environments
4. CI/CD and DevSecOps exposure

Additional functional experience :-
1. ForgeRock Identity Gateway (IG)
2. Cloud platforms (AWS / Azure / GCP)
3. Docker, Kubernetes
4. ForgeRock or IAM certifications
5. Experience with CIAM migrations (Ping, Okta, custom IAM)

Additional Information:
1.Bachelors and above degree in Computer Science, Information Technology, MIS, Engineering / Bachelor or college degree in related field or equivalent work experience (Full time).
2.The candidate should have minimum 5 years of experience in ForgeRock Identity Management & overall 10+ years overall IT experience

Certifications
ForgeRock FRX-AM-CSE Certified