IAM Architect

What makes Cognizant a unique place to work? The combination of rapid growth and an international and innovative environment! This is creating many opportunities for people like YOU - people with an entrepreneurial spirit who want to make a difference in this world.

At Cognizant, together with your colleagues from all around the world, you will collaborate on creating solutions for the world's leading companies and help them become more flexible, more innovative, and successful. Moreover, this is your chance to be part of the success story.

Position Summary:
This position requires a highly skilled Cybersecurity Architect - Customer Identity & Access Management (CIAM) with deep expertise in the ForgeRock Identity Platform (OpenAM, OpenIDM, OpenDS/OpenDJ/OpenIG), PingOne Advanced Identity Cloud including PingOne Protect, and Microsoft ADFS. The role involves architecting and delivering secure, scalable CIAM solutions across customer-facing channels covering authentication, authorization, consent governance, and identity lifecycle management. It requires strong architectural design capability, hands-on engineering expertise, and experience leading CIAM modernization aligned with security, compliance, and user experience requirements.

Key Responsibilities for the Position:
Customer Identity & Access Management - ForgeRock Platform:
•Architect and implement OpenAM for customer authentication, SSO, authorization, federation, adaptive risk, OAuth2/OIDC, and SAML.
•Develop OpenIDM workflows, provisioning logic, reconciliation jobs, and REST-based integrations.
•Administer OpenDS/OpenDJ including schema design, replication, performance tuning, and secure identity storage.
•Implement OpenIG for API gateway policies, reverse proxy flows, token validation, and secure integration with customer applications.
•Design customer onboarding, progressive profiling, consent/privacy workflows, and self-service capabilities.
•Integrate ForgeRock CIAM with web/mobile apps, CRM systems, API gateways, and cloud platforms.
•Design and develop customized workflows, scripts, and authentication journeys based on solution requirements.
PingOne Advanced Identity Cloud + PingOne Protect
•Implement CIAM capabilities including identity flows, MFA, authentication policies, and social logins.
•Configure PingOne Protect for risk-based authentication, bot detection, behavioral analytics, and fraud scoring.
•Design adaptive access and threat mitigation policies across customer environments.
•Integrate PingOne with external identity platform
Microsoft ADFS
•Configure ADFS for claims-based authentication, federation, certificates, and trust relationships.
•Develop claims rules and onboard applications using OAuth2, SAML, and OIDC.

Mandatory Skills:
ForgeRock CIAM - OpenAM, OpenIDM, OpenDS/OpenDJ/OpenIG:
•Strong understanding of CIAM concepts including customer lifecycle, authentication journeys, risk-based access, and consent/privacy management.
•Advanced skills in OpenAM authentication trees, adaptive risk, and federation.
•Expertise in building OpenIDM workflows, identity synchronization, and provisioning logic.
•Hands-on experience with OpenIG for routing, gateway policies, and secure application integration.
•Strong knowledge of directory modelling and optimization in OpenDS/OpenDJ.
•Experience integrating CIAM platforms with cloud, enterprise, and API ecosystems.
PingOne Cloud & PingOne Protect
•Strong experience with identity flows, MFA, conditional access, and social authentication.
•Hands-on with PingOne Protect for behavioral analytics, bot defense, risk scoring, and fraud mitigation.
•Ability to design adaptive authentication, risk policies, and continuous identity assurance.
Microsoft ADFS
•Experience configuring relying party trusts, certificates, claims rules, and SSO for enterprise and customer apps.
•Proficiency in OAuth2, OIDC, SAML, JWT, and modern federation standards.

Duties and Responsibilities:

1)CIAM Architecture - ForgeRock Suite
•Design customer identity lifecycle processes including registration, verification, profiling, and account recovery.
•Implement authentication journeys using node-based flows, adaptive policies, and contextual risk evaluation.
•Develop provisioning workflows and reconciliation jobs in OpenIDM.
•Manage directory replication, tuning, schema governance, and secure identity storage.
•Ensure HA/DR, capacity planning, monitoring, and platform stability across CIAM components.
•Maintain audit readiness, logs, consent evidence, and compliance reporting (GDPR/PII).
2) CIAM Security & Risk - PingOne Protect + Cloud
•Implement risk-based authentication using behavioral signals, anomaly detection, and real-time scoring.
•Configure bot defense, attack mitigation, and transaction risk controls.
•Integrate PingOne with applications and cloud identity services.
3) Federation & Access Management - PingOne & ADFS
•Implement SSO and federation using SAML, OAuth2, OIDC, and JWT for customer-facing applications.
•Manage ADFS claims, certificates, and partner onboarding.

Qualifications & Certifications (Optional):
•Certifications in tools like ForgeRock (AM/IDM), PingOne AIC, Microsoft ADFS, Okta etc.

Salary Range: >$100,000
Date of Posting: 12-Mar-26

Next Steps: If you feel this opportunity suits you, or Cognizant is the type of organization you would like to join, we want to have a conversation with you! Please apply directly with us.
For a complete list of open opportunities with Cognizant, visit http://www.cognizant.com/careers. Cognizant is committed to providing Equal Employment Opportunities. Successful candidates will be required to undergo a background check.