What makes Cognizant a unique place to work? The combination of rapid growth and an international and innovative environment! This is creating many opportunities for people like YOU — people with an entrepreneurial spirit who want to make a difference in this world.

At Cognizant, together with your colleagues from all around the world, you will collaborate on creating solutions for the world's leading companies and help them become more flexible, more innovative, and successful. Moreover, this is your chance to be part of the success story.

Position Summary:
This position requires a highly skilled Cybersecurity Architect – Customer Identity & Access Management (CIAM) with deep expertise in the ForgeRock Identity Platform (OpenAM, OpenIDM, OpenDS/OpenDJ/OpenIG), PingOne Advanced Identity Cloud including PingOne Protect, and Microsoft ADFS & Entra ID. The role involves architecting and delivering secure, scalable CIAM solutions across customer-facing channels covering authentication, authorization, consent governance, and identity lifecycle management. It requires strong architectural design capability, hands-on engineering expertise, and experience leading CIAM modernization aligned with security, compliance, and user experience requirements.

Key Responsibilities for the Position:
Customer Identity & Access Management – ForgeRock Platform

Architect and implement OpenAM for customer authentication, SSO, authorization, federation, adaptive risk, OAuth2/OIDC, and SAML.

Develop OpenIDM workflows, provisioning logic, reconciliation jobs, and REST-based integrations.

Perform ticket resolution — own, triage, and resolve support tickets raised by end users and stakeholders within agreed SLAs.

Conduct root cause analysis (RCA) and troubleshoot issues related to authentication flows, identity sync, directory services, and gateway routing.

Administer OpenDS/OpenDJ including schema design, replication, performance tuning, and secure identity storage.

Implement OpenIG for API gateway policies, reverse proxy flows, token validation, and secure integration with customer applications.

Design customer onboarding, progressive profiling, consent/privacy workflows, and self-service capabilities.

Integrate ForgeRock CIAM with web/mobile apps, CRM systems, API gateways, and cloud platforms.

Design and develop customized workflows, scripts, and authentication journeys based on solution requirements.

Implement CIAM capabilities including identity flows, MFA, authentication policies, and social logins.

Configure PingOne Protect for risk-based authentication, bot detection, behavioral analytics, and fraud scoring.

Design adaptive access and threat mitigation policies across customer environments.

Integrate PingOne with external identity platform

Configure ADFS for claims-based authentication, federation, certificates, and trust relationships.

Develop custom claims rules and onboard applications using OAuth2, SAML, and OIDC.

Mandatory Skills:

Proven hands-on experience with the Ping\ForgeRock product suite: Ping AM, Ping IDM, Ping DS ,Ping Protect and Ping Gateway

Strong understanding of OAuth2, OIDC, SAML, and identity federation concepts.

Strong experience with identity flows, MFA, conditional access, and social authentication.

Experience providing L2/L3 application support in a production IAM environment.

Ability to perform incident triage, troubleshooting, and root cause analysis across IAM components.

Proficiency in Java, Groovy, or JavaScript for custom development and scripting.

Experience with CI/CD tools such as Jenkins, Git, and automation scripting.

Familiarity with Agile methodologies and tools like Jira and Confluence.

Experience working in cloud environments (e.g., AWS, Azure, GCP).

Desirable

Experience with PingOne Advanced Identity Cloud.

Knowledge of containerization technologies (Docker, Kubernetes, OpenShift).

Exposure to secure software development and security standards (e.g., OWASP).

Experience with monitoring and logging tools (e.g., Splunk, Grafana, Dynatrace) for IAM platform observability.

Hands-on with PingOne Protect for behavioral analytics, bot defence, risk scoring, and fraud mitigation.

Ability to design adaptive authentication, risk policies, and continuous identity assurance.

Experience configuring relying party trusts, certificates, claims rules, and SSO for enterprise and customer apps.

Duties and Responsibilities:

Design customer identity lifecycle processes including registration, verification, profiling, and account recovery.

Implement authentication journeys using node-based flows, adaptive policies, and contextual risk evaluation.

Develop provisioning workflows and reconciliation jobs in OpenIDM.

Manage directory replication, tuning, schema governance, and secure identity storage.

Ensure HA/DR, capacity planning, monitoring, and platform stability across CIAM components.

Maintain audit readiness, logs, consent evidence, and compliance reporting (GDPR/PII).

Implement risk-based authentication using behavioral signals, anomaly detection, and real-time scoring.

Configure bot defence, attack mitigation, and transaction risk controls.

Integrate PingOne with applications and cloud identity services.

Implement SSO and federation using SAML, OAuth2, OIDC, and JWT for customer-facing applications.

Qualifications & Certifications (Optional):

Certifications in tools ForgeRock (AM/IDM), Microsoft ADFS

Salary Range:>$100,000
Date of Posting: 2-Apr-26

Next Steps: If you feel this opportunity suits you, or Cognizant is the type of organization you would like to join, we want to have a conversation with you! Please apply directly with us.

For a complete list of open opportunities with Cognizant, visit http://www.cognizant.com/careers. Cognizant is committed to providing Equal Employment Opportunities. Successful candidates will be required to undergo a background check.

IAM Architect