Job Description

Responsibilities

We are seeking a ForgeRock Identity Gateway (IG)/PingGateway, Engineer to support a federal Identity and Access Management (IAM) program for the U.S. Department of Education Federal Student Aid (FSA). This role is responsible for designing and operating identity-aware reverse proxy and gateway solutions that secure applications, APIs, and microservices across a Zero Trust architecture. The engineer will serve as a key Policy Enforcement Point (PEP) architect, ensuring consistent identity and access control enforcement across legacy, cloud, and hybrid systems in alignment with federal security standards such as NIST, FICAM, FedRAMP, and Zero Trust principles.

Key Responsibilities:

Identity Gateway & Reverse Proxy Engineering

• Design, configure, and maintain PingGateway (ForgeRock IG) as an identity-aware reverse proxy
• Manage HTTP/S traffic routing, TLS termination, and load balancer integrations
• Enforce identity and access policies at the network edge

Policy & Route Development

• Develop and maintain JSON-based route configurations and gateway policies
• Implement filters, handlers, and scripts for request/response transformation
• Support credential replay, token injections, and header manipulation for legacy apps

API & Microservices Security

• Secure APIs using PingGateway microgateway capabilities
• Implement OAuth 2.0 resource server patterns and token validation
• Integrate with external authorization systems (e.g., PingAuthorize)

Authentication & Federation

• Implement SSO, MFA, and federated identity flows
• Configure OAuth 2.0, OpenID Connect (OIDC), and SAML integrations
• Support migration of legacy identity protocols to PingOne Advanced Identity Cloud

Zero Trust Enforcement

• Implement gateway-based Policy Enforcement Points (PEP) within a Zero Trust architecture
• Enforce adaptive authentication and risk-based access controls

Scripting & Customization

• Develop Groovy and JavaScript scripts for custom gateway behavior
• Build custom authentication, token handling, and audit logging logic

Observability & Monitoring

• Configure logging, metrics, and audit trails for gateway traffic
• Integrate with enterprise SIEM and monitoring tools (e.g., Prometheus, OpenTelemetry)

DevOps & Deployment

• Deploy PingGateway in Docker and Kubernetes environments
• Support CI/CD pipelines and infrastructure-as-code practices
• Work with hardened container environments for federal systems

Integration & Platform Support

• Integrate PingGateway with ForgeRock components (AM, IDM, DS)
• Support identity flows across hybrid and cloud environments

Troubleshooting & Support

• Provide L3 support for production incidents
• Perform root cause analysis and resolve complex identity and routing issues
• Ensure high availability and performance of gateway services

Compliance & Security

• Ensure compliance with FISMA, FedRAMP, NIST, and federal IAM standards
• Support audits, security assessments, and continuous monitoring requirements
• Participate in design reviews and agile ceremonies

Qualifications

Required Qualifications:

• Bachelor’s degree and 5 years of experience or 9 years with a HS diploma/equivalent
• 5+ years in Identity and Access Management (IAM)
• Hands-on experience with ForgeRock IG / PingGateway or similar API gateway/IAM reverse proxy solutions
• Experience in enterprise or federal environments
• Experience working in Agile/Scrum teams
• ForgeRock IG / PingGateway (route configuration, scripting, policy design) experience
• Familiarity in OAuth 2.0, OpenID Connect, SAML 2.0, JWT, LDAP
• Groovy and JavaScript scripting experience
• Experience in REST APIs and microservices security
• Familiarity in Kubernetes, Docker, and CI/CD pipelines
• LDAP/Active Directory integration experience
• Understanding of Zero Trust architecture (NIST SP 800-207)
• Familiarity with cloud platforms (AWS, Azure, or GCP)
• U.S. Citizenship required
• Must be able to obtain and maintain the required agency clearance

Preferred Qualifications:

• ForgeRock or Ping Identity certifications
• CISSP, Security+, or similar cybersecurity certifications
• Experience with PingAuthorize or externalized authorization models
• Experience with federal IAM programs (FSA, DHS, DoD, etc.)
• Knowledge of observability tools (Prometheus, OpenTelemetry)
• Experience with SailPoint, Okta, or CyberArk
• Familiarity with advanced security topics (mTLS, FAPI, PKI, or post-quantum crypto)
• Agile/SAFe certifications

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.