Lead CIAM Authentication Engineer

Posted 6 Days Ago
Cary, NC
Hybrid
7+ Years Experience
Fintech • Information Technology • Insurance • Financial Services • Big Data Analytics
At MetLife, we’re a purpose-driven company that helps our customers build a more confident future.
The Role
The Lead CIAM Authentication Engineer will design and implement scalable IAM solutions, manage LDAP directories, and conduct data migrations. This role involves working on modern authentication methods, providing consultancy, and ensuring compliance with security standards across global teams.
Summary Generated by Built In

Description and Requirements
Role Value Proposition:
MetLife is a leader in providing insurance and protection products to customers around the globe. MetLife has undertaken a digital transformation journey to deliver innovative and industry-leading digital solutions, employing innovative cloud and engineering technologies, and agile development practices. We are looking for an exceptional Lead Authentication Engineer with a specialized focus on the administration and management of modern LDAP directories (such as Ping Directory, Radiant Logic, etc.). You will be a critical member of the Authentication Services engineering team that owns and manages Customer IAM (CIAM) services on-prem and in the cloud. The role presents an opportunity to implement innovative identity solutions using modern authentication, cloud-based IDP and directory technologies.
As part of a global company, you will collaborate with cross-functional teams including security, IT and business units across the US, LATAM, EMEA and APAC regions to lead, drive and deliver global CIAM solutions. Working hours for this role are aligned to US EST.
How You'll Help Us Build a Confident Future
Key Responsibilities:

  • Design and Implement scalable IAM solutions that follow a global, hybrid cloud architecture.


  • Lead and implement seamless data migration efforts from legacy to modern LDAP directories.


  • Work closely with the IAM Architect on solution design and publish new CIAM patterns.


  • Conduct proofs of concept.


  • Administration and Management of LDAP directories within CIAM portfolio. Implement proper security controls and policies (Schema, Password policies, ACI, Encryption, TLS).


  • Provide domain expertise in Authentication/Directory services.


  • Provide consultancy to global IT teams and business units on new integrations and best practice.


  • Implement modern authentication using tools like Ping Federate or ForgeRock (SAML, OIDC, OAUTH, MFA and Access Gateway).


  • Provide leadership in level 3 troubleshooting, perform RCA and implement mitigation plan.


  • Showcase operational excellence and planning in implementing large scale projects.


  • Educate and mentor junior team members by conducting demo/training sessions.


  • Develop and publish runbooks, architecture documentation and diagrams for CIAM solutions.


  • Conduct regular security audits, identity lifecycle management, and compliance assessments to ensure adherence to global standards such as GDPR, PCI, etc.


  • Collaborate with security and compliance teams to maintain and improve the security posture of our CIAM systems.


  • Proactively identify gaps in technical and admin process and propose pragmatic solutions.


  • Move projects towards architecture North Star and Security Standards.


Essential Business Experience and Technical Skills:
Required Skills:

  • 7+ years of strong experience in designing and implementing LDAP directory services (like Ping Directory, OUD, ADLDS, Tivoli, CA Directory).


  • 5+ years of strong experience in designing and implementing data sync (PingDataSync or using scripts) process to migrate data.


  • 5+ years of experience with security architecture, including hands-on knowledge of SAML 2.0, OAuth, OpenID Connect, SSO, Multi-Factor Authentication, or Cloud Security, etc. and at least one of the following tools: Ping Identity, SiteMinder, or ForgeRock.


  • Experience with Log analytics and SIEM tools such as Splunk, Elastic or QRadar.


  • Experience with IDaaS, Web Access Management, API security and cloud services (Azure/AWS).


Preferred Skills

  • Strong knowledge in Ping Directory, Ping DataSync, Ping DataProxy.
  • Bachelor's degree in an engineering discipline (Computer Science, Information Technology, Math or other engineering equivalent).
  • Experience with PingOne and PingOne Advanced Services (P1AS).
  • Experience in leading and driving data migration projects.
  • Strategic thinking with the ability to lead large-scale IAM initiatives.
  • Solid understanding of cloud security frameworks and zero-trust architecture.
  • Agile and DevSecOps experience.
  • Ping Identity Certification is a plus.


Benefits We Offer
Our U.S. benefits address holistic well-being with programs for physical and mental health, financial wellness, and support for families. We offer a comprehensive health plan that includes medical/prescription drug and vision, dental insurance, and no-cost short- and long-term disability. We also provide company-paid life insurance and legal services, a retirement pension funded entirely by MetLife and 401(k) with employer matching, group discounts on voluntary insurance products including auto and home, pet, critical illness, hospital indemnity, and accident insurance, as well as Employee Assistance Program (EAP) and digital mental health programs, parental leave, volunteer time off, tuition assistance and much more!
About MetLife
Recognized on Fortune magazine's list of the 2024 "World's Most Admired Companies" as well as the 2024 Fortune 100 Best Companies to Work For®, MetLife, through its subsidiaries and affiliates, is one of the world's leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East.
Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by empathy, we're inspired to transform the next century in financial services. At MetLife, it's #AllTogetherPossible. Join us!
Equal Employment Opportunity/Disability/Veterans
If you need an accommodation due to a disability, please email us at [email protected]. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.
MetLife maintains a drug-free workplace.

Top Skills

LDAP
OAuth
OpenID Connect
SAML

The Company
HQ: New York, NY
43,000 Employees
Hybrid Workplace
Year Founded: 1868

What We Do

Named one of Fortune’s “World’s Most Admired Companies,” MetLife is leading the global transformation of an industry we’ve defined for more than 150 years. At MetLife, every innovation and line of code is a lifeline for our customers and their families—from victims of natural disasters to people living with disabilities and beyond.  With operations in more than 40 markets and leading positions across the globe, MetLife’s building a workforce of diverse and empowered voices that all belong.  Join our remarkable journey—one in which you help write the next century of innovation in financial services—because with MetLife, making the world a better place is All Together Possible.

Why Work With Us

At MetLife, you’ll be working for a company whose purpose is to help customers throughout their life’s journey, and often in their most critical time of need. You’ll be a part of developing leading-edge platforms that will have a lasting impact on the lives and well-being of tens of millions of customers.


MetLife Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

MetLife's current workplace policies classify roles as Office, Hybrid or Virtual based on the nature of work, encouraging new ways of working together.

Typical time on-site: Flexible
HQ: New York, NY
Bridgewater, NJ
Cary, NC
Clarks Summit, PA
Greenville, SC
Hyderabad, IN
Mumbai, IN
Pune, IN
Tampa, FL
Whippany, NJ
