PingFederate Engineer

Job Title: PingFederate Engineer
Location: Pimlico - 3 days per week (with occasional travel to Bracknell)
Salary/Rate: Up to £481 per day inside IR35
Start Date: 07/04/2026
Job Type: Contract - 6 months

Company Introduction
We have an exciting opportunity now available with one of our sector-leading retail clients! They are currently looking for a skilled PingFederate Engineer to join their team for a six-month contract.

Job Responsibilities/Objectives

The PingFederate Engineer is responsible for the design, implementation, and operational support of enterprise-grade federated identity and single sign-on (SSO) solutions using PingFederate. The role is client-facing, requiring close collaboration with UK-based stakeholders, application teams, and security leadership to deliver secure, compliant authentication services across on-premise, cloud, and hybrid environments.

This role operates within regulated UK environments ensuring adherence to UK security standards, data protection requirements, and audit expectations while enabling modern authentication using SAML, OAuth, and OpenID Connect.

• Act as a UK onshore technical SME for PingFederate within client IAM programmes.
• Engage directly with UK business, application, and security stakeholders to gather requirements and explain federation designs in clear, non-vendor language.
• Participate in design authorities, CABs, and security reviews, representing the identity federation domain.
• Support UK delivery governance, documentation standards, and change management processes.
• Design, configure, and support PingFederate as an Identity Provider (IdP) and Service Provider (SP) for internal, partner, and customer applications.
• Implement and support SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC) authentication flows.
• Deliver IdP-initiated and SP-initiated SSO integrations for web, mobile, and API-based services.
• Integrate PingFederate with Active Directory/LDAP and external identity providers.
• Perform installation, configuration, upgrade, and patching of PingFederate in line with UK enterprise standards.
• Configure high availability, clustering, and load-balanced deployments suitable for regulated production environments.
• Manage SSL/TLS certificates, key rotation, trust stores, and federation metadata.
• Provide 3rd-line support, root-cause analysis, and incident resolution for authentication and federation issues.
• Support change, release, and incident processes aligned to ITIL practices.
• Ensure solutions comply with UK regulatory and security requirements, including:
• Data protection and privacy obligations (eg UK GDPR)
• Implement MFA and adaptive authentication integrations (eg PingID or third-party MFA).
• Apply Zero Trust and least-privilege principles within federation and token designs.
• Support internal and external audits by providing technical evidence and documentation.
• Develop or support custom PingFederate adapters, selectors, and token translators (Java-based) where required.
• Integrate PingFederate with PingAccess, API gateways, CIAM platforms, and cloud identity services.
• Work with DevOps teams to support automation, environment consistency, and controlled deployments.

Required Skills/Experience
The ideal candidate will have the following:

• Strong, hands-on experience engineering and supporting PingFederate in enterprise environments.
• Deep understanding of:
• SAML 2.0
• OAuth 2.0
• OpenID Connect (OIDC)
• Experience integrating with Active Directory, LDAP, and identity stores.
• Solid understanding of PKI, certificates, encryption, and secure authentication flows.
• Ability to troubleshoot complex federation issues across multiple systems.
• Strong experience in IAM/Access Management/Identity Federation roles.
• Proven experience working in UK-regulated or compliance-driven environments.
• Experience working onshore with UK clients or stakeholders.
• Exposure to cloud or hybrid identity architectures (Azure AD, AWS, GCP) is desirable.

Desirable Skills/Experience
Although not essential, the following skills are desired by the client:

• Experience delivering Financial Services or Insurance IAM programmes in the UK.
• CIAM (Customer Identity) exposure.
• Migration experience from ADFS, SiteMinder, or other Legacy federation platforms to PingFederate.
• Familiarity with ServiceNow, JIRA, Confluence, and structured delivery models.

If you are interested in this opportunity, please apply now with your updated CV in Microsoft Word/PDF format.

Disclaimer
Notwithstanding any guidelines given to level of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies.
Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally. Please see our website for our full diversity statement.