Senior Identity Services Engineer

Shift:
Day (United States of America)

Description:

Senior Identity Services Engineer

At NewYork-Presbyterian Hospital, Information Technology is at the forefront of our patient experience. We are committed to excellence in patient care, research, education and community service. Innovative technology, such as telehealth, remote patient monitoring and robotics, drive our initiatives addressing large-scale challenges that will yield better outcomes for patients and their families. Join our team to develop your career while creating solutions and services that will improve the health and well-being of the communities we serve. Start your journey with us today!

Position Summary

Operates and maintains the Information Security team’s portfolio of access management an federation products. Responsible for application integration, implementation of access control systems, data analytics, report generation, incident investigation/remediation, server administration, and team mentorship. Performs extensive operational and strategic level duties with the ability to serve in an architectural capacity, providing the appropriate information and planning required for new technology and policy deployments.

Essential Job Duties

• Design, implement, and support enterprise SSO solutions (e.g., PingFederate, Azure AD, Okta)
• Maintain and enhance access management platforms and federation infrastructure
• Lead application integrations into existing SSO frameworks using SAML, OAuth2, and OIDC
• Implement and support Role-Based Access Control (RBAC) and modern authentication methods
• Support and improve authentication strategies across the organization
• Collaborate with information security, app owners, and infrastructure teams to deliver secure identity solutions
• Troubleshoot complex authentication and federation issues across multiple environments
• Participate in IAM roadmap planning and contribute to architectural decisions
• Provide mentorship and technical guidance to IAM engineers
• Support governance efforts related to authentication, authorization, and access control standards

“May require occasional on-site presence; therefore, should live within a commutable distance. No relocation assistance available.”

Required Qualifications

• 5+ years of Identity & Access Management experience with a strong focus on SSO and federation
• Deep technical knowledge of:
  • PingFederate, Azure AD, Okta, ADFS
  • Federation protocols including SAML, OIDC, and OAuth2
  • LDAP, Active Directory, SCIM
  
  
• Proficiency in scripting and development with PowerShell, Python, and Java
• Experience working with REST APIs for IAM services; familiarity with Postman or similar tools
• Familiarity with OGNL expression language for customizing PingFederate policies
• Front-end UX design and customization using HTML, CSS, and JavaScript
• Basic Linux administration skills for maintaining and managing IAM infrastructure
• Working knowledge of certificates and PKI (X.509, certificate chains, signing, encryption, keystore management)
• Strong troubleshooting and debugging skills across application, identity, and network layers

Understanding of modern identity concepts such as Zero Trust, adaptive authentication (risk-based, device/user signals), and conditional access

Preferred Qualifications

• Hands-on experience with the Ping Identity platform, particularly:
  • PingFederate, PingOne, PingID, PingDirectory
  
  
• Experience with MFA and Passwordless/FIDO2/WebAuthn authentication strategies
• Experience building and configuring enterprise SSO applications in Azure AD / Entra ID
• Exposure to IAM orchestration platforms such as PingOne DaVinci or similar tools
• Experience supporting cloud identity integrations (Azure, AWS, GCP)
• Familiarity with enterprise SSO in hybrid environments (on-prem and cloud-based apps)

• Strong documentation and communication skills
• Comfortable collaborating across technical and non-technical teams
• Ability to lead projects and mentor junior engineers

Join a healthcare system where employee engagement is at an all-time high. Here we foster a culture of respect, diversity, and inclusion. Enjoy comprehensive and competitive benefits that support you and your family in every aspect of life. Start your life-changing journey today.

Please note that all roles require on-site presence (variable by role). Therefore, all employees should live within a commutable distance to NYP.

NYP will not reimburse for travel expenses .

__________________

• 2024 “Great Place To Work Certified”
• 2024 “America’s Best Large Employers” – Forbes
• 2024 “Best Places to Work in IT” – Computerworld
• 2023 “Best Employers for Women” – Forbes
• 2023 “Workplace Well-being Platinum Winner” – Aetna
• 2023 “America’s Best-In-State Employers” – Forbes
• “Silver HCM Excellence Award for Learning & Development” – Brandon Hall Group

NewYork-Presbyterian Hospital is an equal opportunity employer.

Salary Range:

$97,000-$145,000/Annual

It all begins with you. Our amazing compensation packages start with competitive base pay and include recognition for your experience, education, and licensure. Then we add our amazing benefits, countless opportunities for personal and professional growth and a dynamic environment that embraces every person. Join our team and discover where amazing works.

Source ⇲