Lead IAM Engineer

Description and Requirements
Role Value Proposition:
We are looking for an exceptional lead engineer with specialized focus on implementation and management of modern authentication access management tools.
You will be a SME & critical member of the Authentication Services engineering team that owns and manages Customer IAM (CIAM) services across on-prem and in cloud. Presenting an opportunity to implement innovative identity solutions using modern authentication, cloud based IDP, ID verification and directory technologies.
As a global company, you will collaborate with cross-functional teams including security, IT and business units across US, LATAM, EMEA and APAC regions to lead, drive and deliver global CIAM solutions. Working hours for this role are aligned to US EST time zone.
Key Responsibilities:
• Lead CIAM engineering initiatives across hybrid cloud environments supporting millions of customer identities.
• Work closely with IAM Architect to solution design and publish new CIAM Patterns
• Design and implement customer-facing identity flows including registration, login, MFA, and account recovery.
• Administration and Management of LDAP directories within CIAM portfolio. Implement proper security controls and policies (Schema, Password policies, ACI, Encryption, TLS)
• Provide domain expertise in Authentication/Directory services, consult global IT teams and business units on new integrations and best practice
• Support CIAM tech stack integration with web and mobile applications using SAML, OAuth, and OpenID Connect protocols.
• Implement fraud detection and mitigation strategies using ID proofing services
• Conduct CIAM platform upgrades, patching, and performance tuning to ensure high availability and scalability.
• Provide leadership in level 3 support, troubleshooting and perform RCA
• Showcase operational excellence, planning & ability to drive large scale projects
• Implement CIAM analytics and monitoring using tools like Splunk and Elastic to track authentication trends and anomalies
• Provided mentorship and technical leadership to other team members
• Develop and maintain CIAM architecture documentation, runbooks, and operational playbooks.
• Undergo regular security audits, identity lifecycle management, and compliance assessments to ensure adherence to global standards such as GDPR, PCI, etc.
Essential Business Experience and Technical Skills:
Required Skills:

• 8+ years of strong experience in designing and implementing LDAP directory services (like Ping Directory, OUD, ADLDS, Tivoli, CA Directory).
• 5+ years of strong experience in designing and implementing data sync solutions (PingDataSync or using scripts).
• 5+ years of experience with tools like SiteMinder, Ping Federate, Ping Access, Ping One with hands-on knowledge of SAML 2.0, OAuth, OpenID Connect, SSO, Web Access Management, Cloud Security, API Security.
• Experience implementing fraud detection and mitigation strategies during identity onboarding and verification using ID proofing services (e.g., IDDataWeb, 1Kosmos, ID.me, LexisNexis) into CIAM workflows.
• Self-starter attitude, ability to drive efforts to closure. Possess good verbal and written communication skills with focused attention to detail.

Preferred:

• Strong knowledge in Ping Directory, Ping DataSync, Ping Directory Proxy, Ping Federate, Ping Access.
• Experience implementing fraud detection and mitigation strategies during identity onboarding and verification using ID proofing services (e.g., IDDataWeb, 1Kosmos, ID.me, LexisNexis) into CIAM workflows.
• Experience implementing ID Proofing services.
• Strategic thinking with the ability to lead large-scale IAM initiatives.
• Solid understanding of cloud security frameworks and zero-trust architecture.
• Agile and DevSecOps experience.
• Ping Identity Certification is a plus.

The expected salary range for this position is $120,000 - $160,000. This role may also be eligible for annual short-term incentive compensation. All incentives and benefits are subject to the applicable plan terms.
Benefits We Offer
Our U.S. benefits address holistic well-being with programs for physical and mental health, financial wellness, and support for families. We offer a comprehensive health plan that includes medical/prescription drug and vision, dental insurance, and no-cost short- and long-term disability. We also provide company-paid life insurance and legal services, a retirement pension funded entirely by MetLife and 401(k) with employer matching, group discounts on voluntary insurance products including auto and home, pet, critical illness, hospital indemnity, and accident insurance, as well as Employee Assistance Program (EAP) and digital mental health programs, parental leave, volunteer time off, tuition assistance and much more!
About MetLife
Recognized on Fortune magazine's list of the "World's Most Admired Companies", Fortune World's 25 Best Workplaces™, as well as the Fortune 100 Best Companies to Work For®, MetLife, through its subsidiaries and affiliates, is one of the world's leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East.
Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by our core values - Win Together, Do the Right Thing, Deliver Impact Over Activity, and Think Ahead - we're inspired to transform the next century in financial services. At MetLife, it's #AllTogetherPossible . Join us!
MetLife is an Equal Opportunity Employer. All employment decisions are made without regards to race, color, national origin, religion, creed, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, marital or domestic/civil partnership status, genetic information, citizenship status (although applicants and employees must be legally authorized to work in the United States), uniformed service member or veteran status, or any other characteristic protected by applicable federal, state, or local law ("protected characteristics").
If you need an accommodation due to a disability, please email us at [email protected]. This information will be held in confidence and used only to determine an appropriate accommodation for the application process.
MetLife maintains a drug-free workplace.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liabilities.
$120,000 - $160,000