View All Jobs 142099

CIAM Principal Engineer

Lead the development of a global, zero-trust customer identity management platform
Rolling Meadows, Illinois, United States
Expert
10 hours agoBe an early applicant
Arthur J Gallagher & Co

Arthur J Gallagher & Co

Provides insurance brokerage, risk management, and consulting services to businesses, organizations, and individuals worldwide.
56 Similar Jobs at Arthur J Gallagher & Co

CIAM Principal Engineer (Ping Identity)

The CIAM Principal Engineer (Ping Identity) serves as the senior technical authority responsible for designing, building, and optimizing secure and scalable customer identity solutions leveraging the Ping Identity platform. This role combines deep technical expertise in Ping products with strategic architecture leadership, enabling frictionless, secure customer experiences across web, mobile, and API ecosystems.

The Principal Engineer partners with enterprise architects, product teams, and cybersecurity leaders to deliver a modern, standards-based CIAM ecosystem aligned with business growth, regulatory requirements, and Zero Trust principles.

Key Responsibilities

  • Architecture & Design
  • Lead the architecture and engineering of enterprise-grade CIAM solutions using the Ping Identity suite.
  • Define reference architectures, design blueprints, and integration patterns for customer authentication, authorization, and identity lifecycle management.
  • Architect and implement federated identity solutions and single sign-on (SSO) leveraging OAuth 2.0, OpenID Connect (OIDC), SAML 2.0, SCIM, and FIDO2, in partnership with Cyber Architecture Team.
  • Design for multi-region scalability, high availability, and fault tolerance across hybrid or multi-cloud environments.
  • Ensure architectures align with Zero Trust principles, privacy-by-design, and global data protection regulations (GDPR, CCPA, etc.).
  • Engineering & Implementation
  • Lead hands-on development and integration of Ping Identity components within customer-facing applications and APIs.
  • Configure and extend PingFederate for token services, authentication policies, and adapter integrations.
  • Implement PingAccess for API and web session management, policy enforcement, and adaptive access control.
  • Deploy and tune PingDirectory for large-scale customer identity storage and replication.
  • Automate CIAM deployment pipelines using PingCentral, Terraform, and CI/CD tools (Jenkins, GitLab CI).
  • Integrate Ping Identity solutions with customer portals, mobile apps, CRM systems, and marketing platforms.
  • Develop custom adapters, plugins, and scripts to extend Ping capabilities where required.
  • Security, Governance & Compliance
  • Define and enforce identity security standards for authentication flows, token handling, session management, and encryption.
  • Partner with cybersecurity teams to embed Ping Identity telemetry into SIEM and behavioral analytics systems.
  • Conduct threat modeling and architecture reviews for all customer identity initiatives.
  • Maintain compliance with industry and privacy frameworks (NIST CSF, ISO 27001, GDPR, PCI DSS).
  • Implement adaptive authentication, risk-based access, and fraud detection integrations with Ping's Intelligent Identity features or third-party tools.
  • Leadership & Collaboration
  • Act as the technical lead and subject matter expert (SME) for all Ping-based CIAM initiatives.
  • Mentor CIAM engineers and developers in Ping Identity best practices and secure identity design.
  • Collaborate with enterprise and cyber security architects, DevOps, and application teams to embed security-by-design into customer solutions.
  • Work with vendors and Ping Identity professional services to influence roadmap alignment and solution optimization.
  • Represent the CIAM team in technical design reviews, architecture boards, and security governance forums.
  • Innovation & Continuous Improvement
  • Drive innovation in passwordless authentication, FIDO2/WebAuthn, and decentralized identity using PingOne capabilities.
  • Evaluate and pilot new Ping Identity cloud-native offerings (e.g., PingOne Advanced Identity Cloud, PingOne Risk, PingOne DaVinci).
  • Optimize existing Ping deployments for performance, scalability, and maintainability.
  • Develop a multi-year CIAM technology roadmap that aligns Ping Identity solutions with evolving business and security needs.

About You

Required:

  • Typically requires a University Degree and minimum 10 years of prior relevant experience, or equivalent experience.
  • Preferred: Experience 10+ years in Identity and Access Management (IAM), including 5+ years specializing in CIAM.
  • 5+ years of direct, hands-on experience implementing Ping Identity solutions in customer-facing environments.
  • Proven experience designing and deploying PingFederate, PingAccess, and PingDirectory in hybrid or cloud environments.
  • Expertise in OAuth 2.0, OIDC, SAML, SCIM, FIDO2, and JWT-based identity flows.
  • Strong understanding of cloud architectures (AWS, Azure, or GCP) and container orchestration (Kubernetes, Docker).
  • Demonstrated success leading large-scale identity transformation projects or migrations to Ping Identity.

Technical Skills:

  • PingFederate / PingAccess / PingDirectory / PingOne / PingCentral
  • REST / GraphQL API design and security
  • SSO and federation standards
  • Directory services (LDAP, Active Directory, cloud directories)
  • Application integration using SDKs, APIs, and adapters
  • Infrastructure-as-Code (Terraform, CloudFormation)
  • CI/CD tools (Jenkins, GitLab CI/CD, ArgoCD)
  • Scripting languages: Python, Java, PowerShell, or Groovy
  • TLS, PKI, and token-based encryption management

Soft Skills:

  • Excellent communication and stakeholder management skills.
  • Ability to translate complex identity concepts into business-friendly terms.
  • Strong leadership, mentoring, and influencing abilities across technical teams.
  • Detail-oriented with a focus on resilience, scalability, and usability.
  • Passionate about customer experience and continuous improvement.

Certifications (Preferred):

  • Ping Identity Certified Professional / PingFederate Specialist
  • CISSP, CISM, or CIAM Professional
  • Cloud Security certifications (AWS Security Specialty, Azure Security Engineer, etc.)
  • FIDO2 / WebAuthn implementation experience

Success Metrics

  • Secure, seamless customer login and registration experiences.
  • Measurable reduction in authentication friction and abandonment rates.
  • Increased adoption of strong authentication (MFA, passwordless).
  • Improved CIAM uptime, performance, and scalability.
  • Compliance with data protection and privacy regulations.
  • Accelerated delivery of identity capabilities through automation and CI/CD integration.

Compensation and benefits:

We offer a competitive and comprehensive compensation package. The base salary range represents the anticipated low end and high end of the range for this position. The actual compensation will be influenced by a wide range of factors including, but not limited to, previous experience, education, pay market/geography, complexity or scope, specialized skill set, lines of business/practice area, supply/demand, and scheduled hours. On top of a competitive salary, great teams and exciting career opportunities, we also offer a wide range of benefits. Below are the minimum core benefits you'll get:

  • Medical/dental/vision plans, which start from day one!
  • Life and accident insurance
  • 401(K) and Roth options
  • Tax-advantaged accounts (HSA, FSA)
  • Educational expense reimbursement
  • Paid parental leave

Other benefits include:

  • Digital mental health services (Talkspace)
  • Flexible work hours (availability varies by office and job function)
  • Training programs
  • Gallagher Thrive program – elevating your health through challenges, workshops and digital fitness programs for your overall wellbeing
  • Charitable matching gift program
  • And more...

**The benefits summary above applies to fulltime positions. If you are not applying for a fulltime position, details about benefits will be provided during the selection process.

We value inclusion and diversity. Gallagher embraces our employees

+ Show Original Job Post
Suggest a correction
























CIAM Principal Engineer
Rolling Meadows, Illinois, United States
Engineering
Apply to job
About Arthur J Gallagher & Co
Provides insurance brokerage, risk management, and consulting services to businesses, organizations, and individuals worldwide.