Identity and Access Management (IAM) Engineer - ForgeRock (L3)

At To.Scale, we help forward-thinking tech teams grow with the right people, fast. We’re currently hiring on behalf of a global enterprise client for a ForgeRock-focused IAM engineering role. If you thrive at the intersection of security, stability and systems engineering, read on.

This isn’t a junior support gig or a role where you just reset passwords. You’ll be the go-to person for everything ForgeRock: designing, maintaining, troubleshooting and evolving identity systems that need to stay secure, stable and scalable.

You’ll handle incidents when they happen (L3-level), but also work on the bigger picture: improving architecture, driving integrations and supporting long-term IAM strategy.

It’s a hands-on, high-impact role where security meets engineering, and no two days look the same.

What you will effectively be doing:

• Own and maintain all core components of the ForgeRock Identity Platform: AM, IDM, DS, and IG
• Lead and support integrations with external identity providers, internal apps, and developer tools
• Troubleshoot and resolve identity-related incidents (L3), digging into logs and root causes, not just symptoms
• Perform daily health checks and maintain platform stability through proactive monitoring
• Participate in architecture and roadmap discussions, contributing to long-term IAM evolution
• Coordinate changes across teams, and ensure smooth transitions between dev, staging, and production
• Build or tweak scripts (shell/Python/etc.) to automate routine tasks and improve resilience
• Generate and maintain system documentation, operational runbooks, and performance reports
• Work closely with infrastructure, cloud, and security teams to keep access secure and smooth
• Be flexible with shift work if required - sadly, the platform never sleeps

At To.Scale, we look at real, actionable talent. So instead of obsessing over how many years you have been doing it, we'll share the real world translation of "years of experience".

You’ve been doing IAM work long enough to:

- Know what can go wrong and how to fix it

- Know what needs to be designed and how to do it securely

- Be the person others rely on when SSO breaks, tokens time out or user onboarding fails

More specifically, here’s what we’re really looking for:

• Hands-on experience with the ForgeRock suite (AM, IDM, DS, IG) — or transferable skills from Ping, Okta, IBM Security Verify, or similar platforms
• Strong command of IAM protocols like SAML, OAuth2, OIDC
• Comfort working with LDAP, writing or debugging access policies, and analyzing logs for root causes
• Scripting skills (shell, Python, etc.) to handle config changes or automate repeat ops tasks
• Solid understanding of IAM architecture and secure integration best practices
• Familiarity with tools like ServiceNow, Jira, Splunk, or other monitoring and ticketing platforms
• Experience in high-availability environments where access issues = business stoppage
• A practical mindset: you document what matters, you explain things clearly, and you keep security and stability top of mind
  

Bonus points if you’ve led IAM projects or helped define access roadmaps. However, even if you’ve just been in the trenches, we want to hear from you!

Your daily rate is based on 220 working days per year.

This will be converted into a fixed monthly fee that already includes your paid time off, meaning you're not just paid for the days you log, but also for your vacation days and local bank holidays.

In case you work with us as a FTE (which might be a possibility for Greece and Portugal based talent), local company benefits will apply.