Responsibilities
- Monitor platform health across the ForgeRock software suite including Access Management (AM), Identity Management (IDM), Directory Services (DS), and Identity Gateway (IG)
- Manage system upgrades, critical security patches, and hotfix deployments with minimal disruption to business operations
- Maintain directory integrations ensuring steady synchronization between ForgeRock components and connected enterprise systems like Active Directory, Azure AD/Entra ID, and HR systems
- Optimize system capacity by tuning JVM, database connector, and LDAP server performance to meet service level agreements (SLAs)
- Provide L3 technical support to resolve complex identity federation, single sign-on (SSO), and authentication routing incidents
- Conduct root cause analysis on system failures, application performance drops, or certificate expirations, implementing permanent remediation steps
- Oversee backup and disaster recovery protocols, verifying snapshot integrity for all identity data and configurations
- Maintain technical documentation including operational standard operating procedures (SOPs), runbooks, and environment architecture diagrams
- Build custom authentication scripts and logic plugins utilizing Java, JavaScript, or Groovy to address advanced access use cases
- Configure authentication journeys incorporating multi-factor authentication (MFA), risk-based conditional access, and Zero Trust validation policies
- Develop JSON-based route profiles within ForgeRock Identity Gateway to enforce policy controls for legacy applications and microservice APIs
- Automate deployment workflows using CI/CD pipelines and infrastructure-as-code blueprints within Docker or Kubernetes container environments
Requirements
- 6+ years of dedicated professional experience in Identity & Access Management (IAM), with 2+ years specialized in the ForgeRock ecosystem
- Proven mastery of ForgeRock AM, IDM, DS, and IG components, configuration files, and properties
- Deep understanding of core identity security standards including OAuth 2.0, OpenID Connect (OIDC), SAML 2.0, and LDAP
- Proficiency writing production-grade scripts in Groovy, JavaScript, or Java
- Comfortable operating within Linux server ecosystems, command-line interfaces, and shell scripting
Nice to Have
- ForgeRock Certified Access Management Specialist, Identity Management Specialist, or Ping Identity equivalent certifications
- Hands-on familiarity with Git version control, Jenkins, Docker, or Kubernetes clusters