ForgeRock Federation Engineer

We are seeking a skilled ForgeRock Federation Engineer to support the design, implementation, and maintenance of secure identity federation solutions within a large federal IAM environment. This role focuses on enabling secure authentication and authorization data exchange across enterprise, cloud, and partner systems using the ForgeRock (PingOne Advanced Identity Cloud) platform, while ensuring compliance with federal security standards.

Key Responsibilities:

Configure and manage identity federation and SSO using SAML 2.0, OAuth 2.0, and OIDC
• Establish and maintain IdP/SP trust relationships across enterprise and cloud systems
• Design and implement ForgeRock components (AM, IDM, DS, IG) for scalable IAM solutions
• Develop authentication journeys supporting MFA, adaptive access, and Zero Trust policies
• Integrate with directory services (LDAP, Active Directory, Azure AD / Entra ID)
• Enable application and API integrations using REST, SCIM, and federation protocols
• Develop custom authentication nodes and scripts (Java, Groovy, JavaScript)
• Support platform upgrades, patching, and DevOps automation (Docker, Kubernetes, CI/CD)
• Ensure compliance with federal standards (NIST, FISMA, FedRAMP)
• Troubleshoot complex federation and integration issues (L3 support)
• Collaborate within agile teams for delivery and continuous improvement

Required Qualifications:

• Bachelor's degree and 5 years of experience or 9 years with a HS diploma/equivalent
• 5 years of IAM engineering experience
• Experience with ForgeRock or PingOne platform
• Experience implementing federation and SSO solutions
• Experience working in agile environments
• Federation Protocols: SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), JWT, PKCE, mTLS experience
• ForgeRock/Ping: AM, IDM, DS, IG configuration and administration experience
• Directory Services: LDAP, Active Directory, Azure AD (Entra ID) experience
• Experience in Java, Groovy, JavaScript; REST API integration
• DevOps: Docker, Kubernetes, CI/CD tools (Jenkins, GitLab CI), Git experience
• Familiarity with AWS, Azure, or GCP
• Security: MFA, RBAC/ABAC, Zero Trust principles
• U.S. Citizenship required
• Ability to obtain and maintain the required agency clearance

Preferred Qualifications:

• Experience with Okta, SailPoint, CyberArk, or IBM Security Verify
• Familiarity with PingFederate, PingAccess, or PingDirectory
• Experience with CIAM (Customer Identity and Access Management)
• Knowledge of identity analytics or AI-driven IAM tools
• Prior federal IAM program experience (DoD, DHS, FSA, etc.)
• Familiarity with NIST, FISMA, and FedRAMP compliance

Certifications (Preferred):

• ForgeRock or Ping Identity certifications
• CISSP or Certified Identity and Access Manager (CIAM)
• CompTIA Security+

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.