Lead Identity Engineer - FR CIAM

About The Role

The Lead/Senior Identity Engineer will lead the design and implementation of Customer Identity and Access Management (CIAM) solutions for a large-scale banking transformation program.

This role focuses on delivering secure, scalable, and regulatory-compliant digital identity platforms supporting customer identities, digital banking channels, and API ecosystems. The engineer will drive end-to-end CIAM solution delivery, including architecture, design, build, integration, and deployment using PingOne Advanced Identity Cloud and ForgeRock platforms.

The role requires strong expertise in modern identity protocols, customer journey design, Zero Trust principles, and banking security frameworks.

What You’ll Do

• Design and implement end-to-end CIAM solutions using PingOne Advanced Identity Cloud and ForgeRock (AM, IDM, DS, IG)
• Translate business, security, and regulatory requirements into scalable IAM solution designs
• Define and implement authentication, authorization, and federation strategies (OAuth2, OIDC, SAML)
  
  

• Design and configure customer onboarding and authentication journeys, including digital onboarding, KYC integration, MFA, passwordless, and adaptive authentication
• Implement progressive profiling, consent management, and secure customer experience flows
  
  

• Integrate CIAM with banking applications, mobile/web platforms, APIs, and third-party services
• Develop secure integrations using REST APIs and modern identity standards (OAuth2, OIDC, SAML, SCIM)
• Implement API security and token-based access control mechanisms
  
  

• Design and implement customer identity lifecycle processes including registration, provisioning, and profile management
• Integrate with directory services such as Ping Directory, OpenDJ, and LDAP
• Define identity data models, roles, and entitlement structures
  
  

• Develop custom authentication logic, scripts, and extensions using Java / JavaScript
• Build microservices and reusable components supporting CIAM architecture
• Automate workflows and integrations using APIs and scripting
  
  

• Implement IAM solutions using CI/CD pipelines and Infrastructure as Code (IaC)
• Deploy solutions in containerized environments (Docker, Kubernetes)
• Manage multi-environment deployments (Dev, QA, Prod) with secure configuration practices
• Align implementations with Zero Trust and cloud-native architecture principles
  
  

• Ensure compliance with banking security and regulatory standards, including data privacy and strong customer authentication
• Implement risk-based authentication and fraud prevention controls
  
  

• Collaborate with architects, security teams, and application teams to deliver IAM solutions
• Participate in Agile delivery and CIAM transformation programs
• Produce high-quality technical documentation (HLD, LLD, integration specifications)
  
  

• 6–10+ years of IAM experience with strong CIAM focus
• 5+ years of hands-on experience with PingOne AIC / ForgeRock IAM
  
  

• OAuth 2.0, OpenID Connect (OIDC), SAML 2.0
• API security and identity federation
• Customer authentication journeys and CIAM workflows
• Identity lifecycle management and provisioning
  
  

• LDAP / directory services (Ping Directory, OpenDJ, AD)
• Java and scripting (JavaScript, Groovy)
• Cloud platforms: AWS / Azure / GCP
• DevOps tools: CI/CD, Git, Jenkins, ArgoCD
• Containers: Docker, Kubernetes
  
  

• MFA, SSO, adaptive authentication
• Zero Trust architecture
• Banking security and compliance frameworks
  
  

• Ping Identity / ForgeRock certifications
• Experience in digital banking or Customer 360 programs
• Exposure to fraud detection, behavioral analytics, and consent frameworks
• Experience with large-scale CIAM platforms and microservices architectures