Senior Identity Engineer (Ping)

About

Kforce has a client that is seeking a Senior Identity Engineer (Ping) in Tysons, VA. Summary: We are seeking a Senior Identity Engineer (Ping) to serve as a technical authority and hands-on leader for our enterprise Identity and Access Management (IAM) environment. This role plays a key part in delivering secure, scalable, and user-friendly identity solutions that support both internal workforce access and customer-facing identity use cases (CIAM). This is a hybrid role, requiring onsite work three days per week in San Antonio, TX or Tysons, VA, with flexibility for remote work the remaining days.

Responsibilities

• Serve as the technical lead for the design, evolution, and scaling of Ping Identity solutions supporting both workforce SSO and CIAM
• Architect and support identity solutions across hybrid environments, including on-prem, private cloud, and PingOne SaaS
• Hands-on implementation and support of Ping technologies, including PingFederate, PingID, Ping Directory, PingOne, and related CIAM services
• Design and support advanced identity workflows and user journeys using PingOne DaVinci or similar orchestration tools
• Lead the rollout and ongoing management of passwordless authentication, aligned with FIDO2/WebAuthn standards
• Act as technical lead across multiple IAM initiatives, driving architecture decisions, delivery milestones, and outcomes
• Provide advanced troubleshooting and root-cause analysis across the Ping platform
• Integrate Ping with the broader identity ecosystem, including Microsoft Entra ID (Azure AD) and other IdPs

Requirements

• 7+ years of experience in Identity & Access Management engineering and architecture
• 5+ years of hands-on experience implementing and supporting Ping Identity solutions in enterprise and/or CIAM environments
• Strong expertise across PingFederate, PingOne, Ping Directory, and related Ping products
• Proven experience leading large-scale IAM implementations or migrations
• Deep knowledge of identity protocols and standards: SAML, OAuth 2.0, OpenID Connect (OIDC), SCIM, LDAP
• The ideal candidate brings deep experience across the Ping Identity ecosystem, has led enterprise IAM initiatives end-to-end, and is comfortable owning complex authentication challenges-including modern, passwordless authentication approaches such as FIDO2 and passkeys
• Excellent communication skills with the ability to explain complex IAM concepts to both technical and business audiences

Preferred Skills

• Ping Identity certifications (PingFederate, PingDirectory, or PingOne)
• Experience with PingOne DaVinci for identity orchestration
• Strong background integrating Microsoft Entra ID (Azure AD)
• Scripting or automation skills (Python, PowerShell, Groovy)
• Exposure to Descope IAM or similar identity automation tools

Benefits

• Medical/dental/vision insurance
• HSA
• FSA
• 401(k)
• Life, disability & ADD insurance
• Paid time off (for salaried personnel)