Description and RequirementsRole Value Proposition: MetLife is a leader in providing insurance and protection products to customers around the globe. MetLife has undertaken a digital transformation journey to deliver innovative and industry-leading digital solutions, employing innovative cloud and engineering technologies, and agile development practices.We are looking for an exceptional lead engineer with specialized focus on implementation and management of modern authentication access management tools.You will be a SME & critical member of the Authentication Services engineering team that owns and manages Customer IAM (CIAM) services across on-prem and in cloud. Presenting an opportunity to implement innovative identity solutions using modern authentication, cloud based IDP and directory technologies. As a global company, you will collaborate with cross-functional teams including security, IT and business units across US, LATAM, EMEA and APAC regions to lead, drive and deliver global CIAM solutions. Working hours for this role are aligned to US EST time zone.We prefer the location of this position to be hybrid in Cary, NC, but this is open to the consideration of virtual candidates located in the U.S.How You’ll Help Us Build a Confident FutureKey Responsibilities:
Design and Implement scalable IAM solutions that follow a global, hybrid cloud architecture.
Lead and implement seamless application migration efforts from legacy to modern IDP solutions.
Work closely with enterprise, IAM architects to solution design and publish new CIAM Patterns.
Conducts proof of concepts for new requirements and feature enhancements.
Administration and management of authentication services within CIAM portfolio. Implement proper security controls and policies (Roles, Groups, Permissions, Certificates, Encryption, TLS).
Provide domain expertise in authentication & access management services and consultancy to global IT teams and business units on new integrations and best practice.
Implement modern authentication using tools like Ping Federate, Ping Access and Ping One (SAML, OIDC, OAUTH, MFA and Access Gateway).
Partner with app teams to understand their requirements and onboard apps within timelines.
Provide leadership in level 3 support, troubleshooting, perform RCA and implement mitigation plan.
Showcase operational excellence and planning in implementing large scale projects.
Educate and mentor junior team members by conducting demo/training sessions.
Develop and publish runbooks, architecture documentation and diagrams for CIAM solution.
Conduct regular security audits, identity lifecycle management, and compliance assessments to ensure adherence to global standards such as GDPR, PCI, etc.
Collaborate with security and compliance teams to maintain and improve the security posture and of our CIAM systems.
Proactively identify gaps in technical and admin process and propose pragmatic solutions.
Move projects towards architecture North Star and Security Standards.
Essential Business Experience and Technical Skills:Required Skills:
6 - 8+ years of strong experience in designing and implementing authentication access management solution using tools like Ping Federate, Ping Access, Ping One with proficiency and hands-on knowledge of SAML 2.0, OAuth, OpenID Connect, SSO, Web Access Management, Cloud Security, or API Security.
Strong knowledge in Ping Federate, Ping Access, Ping One MFA, or PingOne Advanced Services (P1AS).
5+ years of strong experience in designing and implementing MFA using factors like Email, SMS, Voice OTP, Mobile App or FIDO2 Biometrics/Security Keys.
Led large scale IAM migration projects and experience with CIAM use cases including user self-service registration and password reset flows.
Experience with Log analytics and SIEM tools such as Splunk, Elastic or QRadar.
Preferred Skills:
Bachelor’s degree in an engineering discipline (Computer Science, Information Technology, Math or other engineering equivalent).
Strategic thinking with the ability to lead large-scale IAM initiatives.
5+ years of good experience with LDAP directory services (like Ping Directory, AD, ADLDS, CA Directory).
Solid understanding of cloud security frameworks and zero-trust architecture.
Ping Identity Certification is a plus.
Ability to code and write custom scripts is a plus.
Agile and DevSecOps experience.
Equal Employment Opportunity/Disability/VeteransIf you need an accommodation due to a disability, please email us at accommodations@metlife.com. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.MetLife maintains a drug-free workplace.