ForgeRock IAM Engineer
Peraton · United States
- Hybrid
- Full-time
- $128,000 / year
- United States
Job highlights
- Design and implement secure access management using ForgeRock.
- Focus on authentication, SSO, and Zero Trust security.
- Support federal security standards like NIST and FedRAMP.
- Integrate with enterprise applications and cloud services.
- Automate tasks and provide Level 3 support.
About the role
About Peraton
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit peraton.com to learn how we're keeping people around the world safe and secure.
About The Role
We are seeking a skilled ForgeRock IAM Engineer with strong experience in ForgeRock (PingOne Advanced Identity Cloud) to design, implement, and support secure access management solutions for a large federal environment. This role focuses on authentication, SSO, and Zero Trust security aligned with federal standards such as NIST and FedRAMP. The ForgeRock AM (Access Management) Engineer is a specialized Identity and Access Management (IAM) professional responsible for designing, implementing, and maintaining secure access management solutions using the ForgeRock Identity Platform (now PingOne Advanced Identity Cloud). This role is integral to the U.S. Department of Education's Federal Student Aid (FSA) Federal IAM program - a mission-critical platform securing digital assets and managing identity for millions of students, institutions, and federal stakeholders. The engineer focuses on delivering robust authentication, authorization, and Single Sign-On (SSO) strategies that align with federal security mandates including NIST SP 800-63, FICAM, FedRAMP, and Zero Trust Architecture (ZTA) principles. Working within an agile delivery environment, this role collaborates across engineering, security, architecture, and product teams to ensure the IAM platform remains secure, scalable, and compliant.
Key Responsibilities
- Design & Architecture: Translate business and security requirements into scalable IAM technical designs using ForgeRock/PingOne components - Access Management (AM/PingAM), Identity Management (IDM/PingIDM), Directory Services (DS/PingDS), and Identity Gateway (IG/PingGateway); lead design reviews, architecture workshops, and technical documentation.
- Implementation & Integration: Install, configure, and integrate ForgeRock AM solutions with enterprise applications, cloud services (AWS, Azure, GCP), and legacy systems; develop and maintain REST API integrations and federation configurations across hybrid and multi-cloud environments.
- Authentication & Authorization: Design and implement custom authentication trees/journeys, Multi-Factor Authentication (MFA) nodes, Risk-Based Authentication (RBA), and authorization policies to enforce secure, least-privilege user access; support phishing-resistant MFA including PIV/CAC card integration aligned with NIST Authenticator Assurance Levels (AAL1/AAL2/AAL3).
- Identity Lifecycle Management: Oversee automated user provisioning, de-provisioning, and role-based access control (RBAC) and attribute-based access control (ABAC) workflows; integrate with HR systems, LDAP/Active Directory, and downstream applications to support full identity lifecycle governance.
- Zero Trust Architecture Implementation: Implement Zero Trust principles per NIST SP 800-207 and federal Executive Order mandates; deploy authentication authority and authorization engines that enforce continuous verification across hybrid, multi-cloud environments.
- Federation & SSO: Configure and maintain identity federation hubs integrating with third-party authentication sources, diverse user directories, and existing ICAM systems; enable standards-based SSO across agency boundaries and mission partner environments using SAML 2.0, OAuth 2.0, and OIDC.
- Identity Governance & Administration (IGA): Streamline access request workflows, access reviews, and Segregation of Duties (SoD) enforcement to ensure correct permissions, prevent inappropriate access, and satisfy federal audit and compliance requirements.
- Automation & Scripting: Build and maintain scripts (Java, Groovy, JavaScript, Python, or Shell) to automate routine operational tasks, optimize system performance, and support CI/CD pipeline integration for IAM configuration management.
- Troubleshooting & L3 Support: Provide Level 3 support for identity-related incidents; perform root cause analysis, resolve complex platform issues, and ensure high system availability and uptime; serve as Subject Matter Expert (SME) for production escalations.
- Compliance & Audit Support: Ensure IAM configurations meet federal regulatory requirements (FISMA, FedRAMP, NIST, FICAM, CMMC); support security audits, continuous monitoring, and audit-ready reporting; maintain alignment with DoD 8570/8140 baseline requirements where applicable.
Qualifications
Required Qualifications:
- Bachelors degree and 5 years of experience or 9 years of experience and a HS diploma/equivalent
- 5+ years of IAM engineering experience
- Experience working with ForgeRock AM or PingOne
- Hands-on experience with MFA, SSO, and federation solutions
- Experience working in agile environments
- ForgeRock/Ping: AM, IDM, DS, IG (or equivalents)
- IAM Protocols: SAML 2.0, OAuth 2.0, OpenID Connect, JWT, LDAP, Kerberos, SCIM
- Programming/Scripting: Java, Groovy, JavaScript, Python, or Shell
- Directory Services: LDAP, Active Directory, Azure AD (Entra ID)
- Cloud/DevOps: AWS, Azure, or GCP; Docker, Kubernetes, CI/CD, Git
- Security: MFA, PKI, RBAC/ABAC, Zero Trust principles
- Compliance: Familiarity with NIST 800-63, NIST 800-207, FedRAMP, FISMA
- U.S. Citizenship required
- Ability to obtain and maintain the required agency clearance
Preferred Qualifications:
- Experience with IAM/IGA tools such as SailPoint, Saviynt, Okta, or CyberArk
- Familiarity with PingFederate, PingAccess, or PingDirectory
- Experience with PIV/CAC authentication and phishing-resistant MFA
- SIEM integration and IAM monitoring experience
- Prior federal government IAM experience (DoD, DHS, etc.)
- Knowledge of post-quantum cryptography concepts
- Agile/SAFe experience
Certifications (Preferred):
- ForgeRock or Ping Identity certifications
- CISSP, CISM, or CompTIA Security+
- AWS or Azure security certifications
Key skills/competency
- ForgeRock IAM Engineer
- Identity and Access Management (IAM)
- ForgeRock AM
- PingOne Advanced Identity Cloud
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- Zero Trust Architecture (ZTA)
- NIST SP 800-63
- FedRAMP
- Federation Protocols (SAML, OAuth, OIDC)
Skills & topics
- ForgeRock
- IAM
- Identity and Access Management
- Engineer
- Peraton
- PingOne
- SSO
- MFA
- Zero Trust
- NIST
- FedRAMP
- Security
- Federal IAM
- Access Management
- Federation
How to get hired
- Tailor your resume: Highlight your ForgeRock/PingOne, MFA, SSO, and federal compliance experience.
- Showcase federal expertise: Emphasize familiarity with NIST, FedRAMP, and Zero Trust principles.
- Demonstrate technical skills: Detail your experience with IAM protocols and scripting languages.
- Prepare for interviews: Be ready to discuss your approach to IAM architecture and troubleshooting.
- Understand the mission: Show alignment with Peraton's national security focus.
Technical preparation
Behavioral questions
Frequently asked questions
- What are the key responsibilities for a ForgeRock IAM Engineer at Peraton?
- As a ForgeRock IAM Engineer at Peraton, your key responsibilities will include designing and implementing secure access management solutions using ForgeRock/PingOne, focusing on authentication, SSO, and Zero Trust principles. You'll integrate these solutions with enterprise applications and cloud services, manage identity lifecycles, and provide Level 3 support, ensuring compliance with federal standards like NIST and FedRAMP.
- What specific ForgeRock or PingOne components are important for this role?
- This role requires hands-on experience with ForgeRock/PingOne components such as Access Management (AM/PingAM), Identity Management (IDM/PingIDM), Directory Services (DS/PingDS), and Identity Gateway (IG/PingGateway). Familiarity with PingFederate, PingAccess, or PingDirectory is also beneficial.
- What federal security standards and principles are crucial for this ForgeRock IAM Engineer position?
- Crucial federal security standards and principles for this role include NIST SP 800-63, FICAM, FedRAMP, FISMA, and Zero Trust Architecture (ZTA) per NIST SP 800-207. You'll also need to align with DoD 8570/8140 baseline requirements and support phishing-resistant MFA aligned with NIST Authenticator Assurance Levels (AAL1/AAL2/AAL3).
- What programming or scripting languages are commonly used by a ForgeRock IAM Engineer at Peraton?
- ForgeRock IAM Engineers at Peraton often use programming and scripting languages such as Java, Groovy, JavaScript, Python, or Shell to automate tasks, optimize performance, and support CI/CD pipelines for IAM configuration management.
- Does Peraton offer opportunities for professional development for ForgeRock IAM Engineers?
- While not explicitly detailed, Peraton emphasizes a culture of solving complex challenges. Given the preferred qualifications include ForgeRock or Ping Identity certifications and security certifications like CISSP or CompTIA Security+, it's highly probable that Peraton supports professional development and certifications for its IAM engineers.
- What is the typical salary range for a ForgeRock IAM Engineer at Peraton?
- The target salary range for this ForgeRock IAM Engineer position at Peraton is between $80,000 and $128,000 annually. Salary is determined by various factors including experience, education, skills, and location.
- What kind of clearance is required for the ForgeRock IAM Engineer role at Peraton?