United States | Remote | Employment | USD 119,000 - 140,000 Yearly

Privia Health is hiring an Identity Developer

About the Role

Privia Health is hiring an Identity Developer to play a critical role in the design, implementation, and continuous development of our identity platforms. Reporting to the Director of Identity Management and Assurance, you will focus primarily on our customer identity and access management (CIAM) ecosystem built on PingOne Advanced Identity Cloud (ForgeRock), with secondary emphasis on SailPoint IdentityNow for workforce identity governance.

What You'll Do

  • Manage and perform onboarding integrations within SailPoint IdentityNow, ensuring provisioning and governance across multi-tiered enterprise applications.
  • Serve as the technical project manager for IGA and CIAM implementation and expansion, overseeing deployment, upgrades, and continuous improvements.
  • Develop and implement identity lifecycle management automations using scripting languages and APIs to streamline access provisioning and deprovisioning.
  • Provide technical leadership and mentor junior IAM engineers and other colleagues to maintain and enhance the IGA platform, ensuring scalability and security.
  • Lead the design, development, and implementation of the CIAM solution, namely Ping/ForgeRock, collaborating with other engineers to enhance authentication and access management for external identities.
  • Create and maintain multi-tiered technical documentation for IGA/CIAM processes and integrations to ensure clarity and compliance.
  • Work cross-functionally with Cybersecurity, Compliance, IT, and Enterprise Application teams to align IAM/IGA initiatives with organizational security and business goals.

What We're Looking For

  • 5+ years of experience designing and building complex IAM/IGA/CIAM implementations.
  • 5+ years of hands-on experience with Ping Identity/ForgeRock in a CIAM engineering or architecture capacity.
  • 3+ years of hands-on experience with SailPoint IdentityNow, including configuration and management.
  • 5+ years of experience in user provisioning and lifecycle management, with a strong engineering perspective on designing and automating identity solutions.
  • Experience integrating Workday with IAM, CIAM, or IGA systems, including lifecycle event automation derived from Workday data.
  • Strong security skills across CIAM, IAM, and IGA domains.
  • Must adhere to all HIPAA rules and regulations.
  • Experience with user provisioning in cloud environments such as Google Workspace and Google Identity.
  • Strong understanding of access controls, authentication, and authorization models in cloud-based platforms.
  • Experience working with Workday as a source of truth, including ingesting identity attributes, supporting hire/term data flows, and integrating Workday with an IGA platform.
  • Understanding of securing a three-tier application architecture in the context of identity and access management.
  • Knowledge of cloud-based security architecture, including multi-cloud environments and the differences between cloud-native applications and virtualized environments such as Citrix or VDI.
  • Must have advanced experience with Ping Identity (ForgeRock) as a CIAM platform, including design, configuration, implementation, and integration.
  • Familiarity with Workday business processes, organizational structure, and worker data models to enable accurate identity creation, attribute mapping, and downstream provisioning.
  • Experience with automation and scripting tools such as GAM (Google Apps Manager), Google Apps Script, Python, PowerShell, JavaScript, and other relevant languages to support identity lifecycle management.
  • Proficiency in REST and SCIM APIs for automating user provisioning, deprovisioning, and access management across IAM, IGA, and CIAM solutions.
  • Strong focus on automation, streamlining IAM processes, and identifying integration opportunities to enhance security and efficiency.
  • Expertise in designing and implementing Ping Identity (ForgeRock), including authentication flows, customer identity lifecycle management, consent, and federation.
  • Extensive experience with Identity Governance and Administration platforms, particularly SailPoint IdentityNow, including RBAC, ABAC, access certifications, and automated provisioning workflows.
  • Proven ability to integrate CIAM/IAM/IGA solutions with SSO protocols such as SAML, OAuth, and OpenID Connect.
  • Strong background in defining and enforcing IAM policies, implementing fine-grained access controls, and managing identity lifecycle events (Joiner, Mover, Leaver) in enterprise environments.
  • Skilled in leading IAM architecture discussions, providing strategic technical guidance, and driving best practices across complex SaaS and cloud ecosystems.

Nice to Have

  • Bachelor's Degree in Computer Science or a related field.
  • Familiarity with Google Cloud Platform.
  • Experience with SailPoint IdentityNow strongly preferred as a supporting IGA platform for workforce lifecycle governance.
  • Experience with application support for an EHR/EMR - athenaOne preferred.
  • Knowledge in the creation, modification, and termination of user profiles within an EHR/EMR application.

Technical Stack

  • Identity Platforms: Ping Identity/ForgeRock, SailPoint IdentityNow
  • Cloud & HRIS: Google Workspace, Google Identity, Google Cloud Platform, Workday
  • Automation & Scripting: GAM (Google Apps Manager), Google Apps Script, Python, PowerShell, JavaScript
  • APIs & Protocols: REST APIs, SCIM APIs, SAML, OAuth, OpenID Connect
  • Healthcare: athenaOne (EHR/EMR)

Team & Environment

You will report to the Director of Identity Management and Assurance.

Benefits & Compensation

  • Compensation: $119,000.00 to $140,000.00
  • Medical, dental, vision, life, and pet insurance
  • 401K
  • Paid time off
  • Wellness programs
  • Remote work expense reimbursement for internet costs

Work Mode

This is a remote position.

All your information will be kept confidential according to EEO guidelines.

Required Skills
Ping Identity, ForgeRock, SailPoint IdentityNow, Google Cloud Platform, Google Identity, Google Workspace, Workday, GAM, Google Apps Script, Python, PowerShell, IAM, IGA, CIAM, User Provisioning
About company
Privia Health

Privia Health is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care in both in-person and virtual settings.

Job Details
Department: Information Technology
Category: Security
Posted: 14 days ago