The Candidate would need to live in the following states NY, PA, CT, NJ May require occasional on-site presence; therefore, should live within a commutable distance. No relocation assistance available.
At NewYork-Presbyterian Hospital, Information Technology is at the forefront of our patient experience. We are committed to excellence in patient care, research, education and community service. Innovative technology, such as telehealth, remote patient monitoring and robotics, drive our initiatives addressing large-scale challenges that will yield better outcomes for patients and their families. Join our team to develop your career while creating solutions and services that will improve the health and well-being of the communities we serve. Start your journey with us today!
Position Summary
Operates and maintains the Information Security team s portfolio of access management and federation products. Responsible for application integration, implementation of access control systems, data analytics, report generation, incident investigation/remediation, server administration, and team mentorship. Performs extensive operational and strategic level duties with the ability to serve in an architectural capacity, providing the appropriate information and planning required for new technology and policy deployments.
Essential Job Duties
- Design, implement, and support enterprise SSO solutions (e.g., PingFederate, Azure AD, Okta)
- Maintain and enhance access management platforms and federation infrastructure
- Lead application integrations into existing SSO frameworks using SAML, OAuth2, and OIDC
- Implement and support Role-Based Access Control (RBAC) and modern authentication methods
- Support and improve authentication strategies across the organization
- Collaborate with information security, app owners, and infrastructure teams to deliver secure identity solutions
- Troubleshoot complex authentication and federation issues across multiple environments
- Participate in IAM roadmap planning and contribute to architectural decisions
- Provide mentorship and technical guidance to IAM engineers
- Support governance efforts related to authentication, authorization, and access control standards
Required Qualifications
- 5+ years of Identity & Access Management experience with a strong focus on SSO and federation
- Deep technical knowledge of:
- PingFederate, Azure AD, Okta, ADFS
- Federation protocols including SAML, OIDC, and OAuth2
- LDAP, Active Directory, SCIM
- Proficiency in scripting and development with PowerShell, Python, and Java
- Experience working with REST APIs for IAM services; familiarity with Postman or similar tools
- Familiarity with OGNL expression language for customizing PingFederate policies
- Front-end UX design and customization using HTML, CSS, and JavaScript
- Basic Linux administration skills for maintaining and managing IAM infrastructure
- Working knowledge of certificates and PKI (X.509, certificate chains, signing, encryption, keystore management)
- Strong troubleshooting and debugging skills across application, identity, and network layers
Understanding of modern identity concepts such as Zero Trust, adaptive authentication (risk-based, device/user signals), and conditional access
Preferred Qualifications
- Hands-on experience with the Ping Identity platform, particularly:
- PingFederate, PingOne, PingID, PingDirectory
- Experience with MFA and Passwordless/FIDO2/WebAuthn authentication strategies
- Experience building and configuring enterprise SSO applications in Azure AD / Entra ID
- Exposure to IAM orchestration platforms such as PingOne DaVinci or similar tools
- Experience supporting cloud identity integrations (Azure, AWS, GCP)
- Familiarity with enterprise SSO in hybrid environments (on-prem and cloud-based apps)
- Strong documentation and communication skills
- Comfortable collaborating across technical and non-technical teams
- Ability to lead projects and mentor junior engineers