# ForgeRock Identity Engineer / Architect

**Company:** [Qode](http://jobs.workable.com/companies/d9Gs4Q7pnWjZVXU2mK6CGd.md)
**Location:** Texas, United States
**Workplace:** on site
**Employment type:** Full-time

[Apply for this job](http://jobs.workable.com/view/d94a472d-b5e3-4cee-a6f7-43e71bdb4bb0)

## Description

**Role: ForgeRock Identity Engineer / Architect**

**Location:** VA, NJ, TX, Atlanta, Colorado, Tampa

**About the Role**

Join a high-impact POD building a self-service federated SSO platform. You'll be the hands-on ForgeRock expert designing and engineering a scalable identity broker integrating with Okta, Microsoft Entra ID, Ping Identity, and more. This is a build-from-scratch, code-heavy role, not admin/config.

**Key Responsibilities**

-   Design multi-tenant ForgeRock AM federation architecture
-   Build REST APIs for programmatic SAML SP connection lifecycle (create/validate/activate)
-   Implement SAML/OIDC flows, assertion validation, and secure session management across apps
-   Develop scripted authentication (Groovy/JS) and automate certificate lifecycle (monitoring & rotation)
-   Enable break-glass fallback, ensure high availability, and prepare SCIM-ready architecture
-   Migrate existing manual SP connections to the automated framework

**Must Have**

-   4+ years hands-on ForgeRock Access Manager (AM)
-   Strong SAML 2.0 (debugging raw assertions), OIDC/OAuth 2.0
-   Experience with ForgeRock REST APIs, scripted nodes, and keystore/X.509 management
-   API design & integrations, LDAP, secrets management (AWS/Vault)
-   Coding: Java/Groovy + CI/CD, API testing, SAML debugging tools

**Nice to Have**

-   ForgeRock IDM, SCIM 2.0, cloud (AWS/Azure/GCP)
-   Experience with Okta / Entra / Ping as IdP
-   Migration of manual SP setups to a programmatic model

**Why This Role?**

You’ll define the identity architecture powering hundreds of future customers—owning critical decisions, building automation, and solving complex, real-world federation challenges.
