Principal Engineer-

Location: London (2 days hybrid)
Duration: 6 months


About the Role

We are looking for a Senior IAM Engineer with deep ForgeRock and PingIdentity expertise to design and implement scalable, cloud-based Identity and Access Management (IAM) solutions for large-scale enterprises. If you have experience leading IAM deployments at scale (10M+ active users), along with a strong security and authentication background, we want to hear from you!

Key Responsibilities

• Architect, configure, and deploy ForgeRock-based IAM solutions (PingGateway, PingAM, PingIDM, PingDS) in high-scale corporate environments.

• Develop cloud-based, resilient, and scalable IAM solutions supporting millions of users.

• Implement OAuth2, OIDC, PKI, PSD2 SCA, WebAuthN, Passkey authentication, and integrate biometric authentication (on-device & server-side).

• Secure Java microservices using Java keystore providers, PKCS#11, HSM, CSM, symmetric & asymmetric encryption, token signing, verification, and mA-TLS.

• Conduct vulnerability scanning, security patching, and risk assessments for IAM platforms.

• Lead Agile/Scrum teams, ensuring high-quality delivery and mentoring AVP/VP-level engineers.

• Collaborate with security, compliance, and product teams to drive IAM best practices in DevSecOps.

Required Skills & Experience

✅ 5+ years of hands-on experience configuring and deploying ForgeRock COTS-based IAM solutions.
✅ Proven track record designing large-scale IAM architectures (10M+ users).
✅ Deep expertise in identity federation, SSO, authentication, authorization, and related security frameworks.
✅ Strong background in JavaScript, Java, Python for IAM scripting and integration.
✅ Hands-on experience with password policies, OTP algorithms, mobile authenticators, security tokens.
✅ Experience with HSM, CSM, PKCS#11, token signing, encryption, and TLS security.
✅ Strong understanding of OAuth2, OIDC, PKI, and PSD2 SCA.
✅ Agile/Scrum leadership experience, with a track record of mentoring teams.
✅ Open-source contributions are a plus.

Certifications & Training

• Certification or proof of completion of ForgeRock Deep-Dive “4xx” training courses preferred.