Role Summary
The PingFederate Engineer (UK Onshore) is responsible for the design, implementation, and operational support of enterprise grade federated identity and single sign on (SSO) solutions using PingFederate. The role is client facing, requiring close collaboration with UK based stakeholders, application teams, and security leadership to deliver secure, compliant authentication services across on premise, cloud, and hybrid environments.
This role operates within regulated UK environments (e.g. Financial Services, Insurance, Healthcare), ensuring adherence to UK security standards, data protection requirements, and audit expectations while enabling modern authentication using SAML, OAuth, and OpenID Connect.
________________________________________
Key Responsibilities
UK Onshore Delivery & Stakeholder Engagement
* Act as a UK onshore technical SME for PingFederate within client IAM programmes.
* Engage directly with UK business, application, and security stakeholders to gather requirements and explain federation designs in clear, non vendor language.
* Participate in design authorities, CABs, and security reviews, representing the identity federation domain.
* Support UK delivery governance, documentation standards, and change management processes.
________________________________________
Identity Federation & SSO Engineering
* Design, configure, and support PingFederate as an Identity Provider (IdP) and Service Provider (SP) for internal, partner, and customer applications.
* Implement and support SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC) authentication flows.
* Deliver IdP initiated and SP initiated SSO integrations for web, mobile, and API based services.
* Integrate PingFederate with Active Directory / LDAP and external identity providers.
________________________________________
Platform Administration & Operations
* Perform installation, configuration, upgrade, and patching of PingFederate in line with UK enterprise standards.
* Configure high availability, clustering, and load balanced deployments suitable for regulated production environments.
* Manage SSL/TLS certificates, key rotation, trust stores, and federation metadata.
* Provide 3rd line support, root cause analysis, and incident resolution for authentication and federation issues.
* Support change, release, and incident processes aligned to ITIL practices.
________________________________________
Security, Risk & Compliance
* Ensure solutions comply with UK regulatory and security requirements, including:
o Data protection and privacy obligations (e.g. UK GDPR)
o Internal security policies and audit controls
* Implement MFA and adaptive authentication integrations (e.g. PingID or third party MFA).
* Apply Zero Trust and least privilege principles within federation and token designs.
* Support internal and external audits by providing technical evidence and documentation.
________________________________________
Customisation & Integration
* Develop or support custom PingFederate adapters, selectors, and token translators (Java based) where required.
* Integrate PingFederate with PingAccess, API gateways, CIAM platforms, and cloud identity services.
* Work with DevOps teams to support automation, environment consistency, and controlled deployments.
________________________________________
Required Skills & Experience
Essential Technical Skills
* Strong, hands on experience engineering and supporting PingFederate in enterprise environments.
* Deep understanding of:
o SAML 2.0
o OAuth 2.0
o OpenID Connect (OIDC)
* Experience integrating with Active Directory, LDAP, and identity stores.
* Solid understanding of PKI, certificates, encryption, and secure authentication flows.
* Ability to troubleshoot complex federation issues across multiple systems.
Experience
* Typically 4-8+ years in IAM / Access Management / Identity Federation roles.
* Proven experience working in UK regulated or compliance driven environments.
* Experience working onshore with UK clients or stakeholders.
* Exposure to cloud or hybrid identity architectures (Azure AD, AWS, GCP) is desirable.
________________________________________
Education & Certifications
* Degree in Computer Science, Information Security, or related discipline (or equivalent experience).
* Desirable (not mandatory):
o Ping Identity certifications
o Security or IAM certifications (CISSP, CISM, Security+, etc.)
________________________________________
Behavioural & Delivery Expectations (UK Onshore)
* Strong written and verbal communication skills suitable for UK client environments.
* Ability to explain complex IAM concepts to non technical stakeholders.
* Comfortable working within UK delivery governance, risk, and audit frameworks.
* Collaborative mindset with a strong focus on quality, stability, and compliance.
________________________________________
Nice to Have
* Experience delivering Financial Services or Insurance IAM programmes in the UK.
* CIAM (Customer Identity) exposure.
* Migration experience from ADFS, SiteMinder, or other legacy federation platforms to PingFederate.
* Familiarity with ServiceNow, JIRA, Confluence, and structured delivery models.
LA International is an award-winning partner of choice for many of the world's most influential companies and government organisations. Holding Enhanced Government Security Accreditation, we are recognised as the European market leader in the delivery of Security Cleared talent to organisations that demand the very highest levels of security, compliance and assurance.
A multiple award-winning organisation, having secured the prestigious Queens Award for Enterprise: International Trade over consecutive years. We are committed to fostering an inclusive, equitable and accessible workplace where everyone feels valued and supported. We welcome applications from all individuals, regardless of background or identity, and we encourage candidates who may not meet every listed requirement to still apply. If you require any adjustments or support during the recruitment process, please let us know and we will work with you to ensure a fair and accessible experience.
Please Note: If a high volume of applications is received, only candidates shortlisted will be contacted.
