Ping Identity / LDAP Administrator
- Sutherland Digital Services Inc
- Miami, Florida
- Full Time
JOB SUMMARY:
- The Ping Identity / LDAP Administrator is responsible for the design, implementation, maintenance, and support of the organization’s Identity and Access Management (IAM) infrastructure running on Amazon Web Services (AWS).
KEY RESPONSIBILITIES:
1. Architecture & Administration
* Directory Operations: Configure, tune, and maintain LDAP infrastructure (e.g., PingDirectory) hosted on Amazon EC2 or containers, optimizing for replication performance across AWS regions.
* Access Management: Administer PingFederate and PingAccess policies, custom adapters, and federation setups (SAML, OAuth, OIDC) hosted in the Cloud.
* Policy Management: Design and maintain access control policies, authentication schemes, and authorization rules.
* Data Synchronization: Oversee data replication, synchronization, and integrity across multiple directory instances and environments.
* Migration: Lead or support lift-and-shift or refactoring initiatives to migrate legacy LDAP and Ping architectures to AWS.
2. Integration & Support
* SSO Federation: Configure and troubleshoot Single Sign-On (SSO) integrations using protocols such as SAML 2.0, OAuth 2.0, OIDC (OpenID Connect), and WS-Federation.
* Application Onboarding: Partner with internal application teams to integrate custom and third-party SaaS applications into the identity platform.
* API Security: Implement and secure API gateways using PingAccess or similar tools.
* Troubleshooting: Provide technical support for complex identity, authentication, and directory service issues.
3. Security & Compliance
* Cloud Security: Implement AWS security best practices utilizing AWS IAM, Security Groups, VPC ACLs, and AWS Secrets Manager to protect directory data and API keys.
* Audit & Logging: Monitor system logs and audit trails to detect potential security breaches or operational anomalies.
* Certificates: Manage the lifecycle of SSL/TLS and signing certificates used within the IAM infrastructure.
REQUIRED SKILLS & QUALIFICATIONS:
Technical Skills:
* Directory Expertise: Deep understanding of LDAP schemas, object classes, attributes, tree structures, and ACIs (Access Control Instructions).
* IAM Tools: Proven hands-on experience with PingFederate, PingDirectory, and PingAccess.
* Protocols: Strong knowledge of federation protocols (SAML, OAuth, OIDC) and network protocols (TCP/IP, DHCP, DNS).
* Scripting: Proficiency in scripting languages (e.g., Python, PowerShell, Bash, or Shell) for automating administrative tasks.
* Operating Systems: Comfortable navigating and administering both Linux/Unix and Windows Server environments.