[Hiring] Identity Developer @Privia Health

Role Description

Reporting to the Director of Identity Management and Assurance, the IAM Engineer plays a critical role in the design, implementation, and continuous development of Privia’s identity platforms, with primary emphasis on our customer identity and access management (CIAM) ecosystem built on Ping One Advanced Identity Cloud (ForgeRock) and secondary emphasis on SailPoint IdentityNow for workforce identity governance.

• Ensures the CIAM and IGA platforms meet Privia’s identity, security, and compliance needs.
• Develops and maintains processes for authentication, authorization, governance, maintenance, and termination of user access for both workforce and non-workforce identities.
• Collaborates across departments to identify security gaps, optimize user lifecycle workflows, and strengthen overall identity posture.
• Integrates the identity stack with systems such as Google Workspace, Workday, and other mission- and business-critical applications.
• Works with technical teams and business stakeholders to ensure identity workflows comply with security policies, industry standards, and best practices.
• Manages and performs onboarding integrations within SailPoint IdentityNow, ensuring provisioning and governance across multi-tiered enterprise applications.
• Serves as the technical project manager for IGA and CIAM implementation and expansion, overseeing deployment, upgrades, and continuous improvements.
• Develops and implements identity lifecycle management automations using scripting languages and APIs to streamline access provisioning and deprovisioning.
• Provides technical leadership and mentors Junior IAM engineers and other colleagues to maintain and enhance the IGA platform, ensuring scalability and security.
• Leads the design, development, and implementation of CIAM solution, namely Ping/Forgerock, collaborating with other engineers to enhance authentication and access management for external identities.
• Creates and maintains multi-tiered technical documentation for IGA/CIAM processes and integrations to ensure clarity and compliance.
• Works cross-functionally with Cybersecurity, Compliance, IT, and Enterprise Application teams to align IAM/IGA initiatives with organizational security and business goals.

Qualifications

• 5+ years of experience designing and building complex IAM/IGA/CIAM implementations.
• 5+ years of hands-on experience with Ping Identity/ForgeRock in a CIAM engineering or architecture capacity.
• 3+ years of hands-on experience with SailPoint IdentityNow, including configuration and management.
• 5+ years of experience in user provisioning and lifecycle management, with a strong engineering perspective on designing and automating identity solutions.
• Experience integrating Workday with IAM, CIAM, or IGA systems, including lifecycle event automation derived from Workday data.
• Strong security skills across CIAM, IAM, and IGA domains.
• Must adhere to all HIPAA rules and regulations.
• Bachelor's Degree in Computer Science or a related field preferred.
• Experience with user provisioning in cloud environments such as Google Workspace and Google Identity; familiarity with Google Cloud Platform is preferred.
• Strong understanding of access controls, authentication, and authorization models in cloud-based platforms.
• Experience working with Workday as a source of truth, including ingesting identity attributes, supporting hire/term data flows, and integrating Workday with an IGA platform for automated lifecycle management.

Requirements

• Understanding of securing a three-tier application architecture in the context of identity and access management.
• Knowledge of cloud-based security architecture, including multi-cloud environments and the differences between cloud-native applications and virtualized environments such as Citrix or VDI.
• Must have advanced experience with Ping Identity (ForgeRock) as a CIAM platform, including design, configuration, implementation, and integration.
• Experience with SailPoint IdentityNow strongly preferred as a supporting IGA platform for workforce lifecycle governance.
• Familiarity with Workday business processes, organizational structure, and worker data models to enable accurate identity creation, attribute mapping, and downstream provisioning.
• Experience with automation and scripting tools such as GAM (Google Apps Manager), Google Apps Script, Python, PowerShell, JavaScript, and other relevant languages to support identity lifecycle management.
• Proficiency in REST and SCIM APIs for automating user provisioning, deprovisioning, and access management across IAM, IGA, and CIAM solutions.
• Strong focus on automation, streamlining IAM processes, and identifying integration opportunities to enhance security and efficiency.
• Must have expertise in designing and implementing Ping Identity (ForgeRock), including authentication flows, customer identity lifecycle management, consent, and federation.
• Extensive experience with Identity Governance and Administration platforms, particularly SailPoint IdentityNow, including RBAC, ABAC, access certifications, and automated provisioning workflows.
• Proven ability to integrate CIAM/IAM/IGA solutions with SSO protocols such as SAML, OAuth, and OpenID Connect to enhance security while improving user experience.
• Strong background in defining and enforcing IAM policies, implementing fine-grained access controls, and managing identity lifecycle events (Joiner, Mover, Leaver) in enterprise environments.
• Skilled in leading IAM architecture discussions, providing strategic technical guidance, and driving best practices across complex SaaS and cloud ecosystems.

Benefits

• The salary range for this role is $120,000.00 to $140,000.00 in base pay and exclusive of any bonuses or benefits (medical, dental, vision, life, and pet insurance, 401K, paid time off, and other wellness programs).
• This role is also eligible for an annual bonus targeted at 15%.
• The base pay offered will be determined based on relevant factors such as experience, education, and geographic location.