• IAM Security Java Architect (Remote EST/CST)

    Insight Global (Woonsocket, RI)


    Job Description

    A large healthcare company is seeking an experienced IAM Development Architect to join its enterprise security team. This role is not requiring much coding, less than 10%, 90% solution architecting using Java to derive IAM solutions to build secure code. The client is over $370Bn in revenue and operates over 9,000 locations. They are dedicated to putting people first from their customers to their employees, engaging with customer feedback to further innovate to provide the best care possible, simplifying processes for care, creating a trusting environment, and to creating the safest and highest quality of care to keep patients protected. The client is dedicated to giving back to those around them. They have stared a Foundation to provide financial support to the communities to help with areas such as maternal health, mental health, scholarships, free health services/screenings, etc.

     

    We are seeking a seasoned Senior IAM Architect to lead the design and implementation of enterprise-wide identity and access management solutions. This role will focus on architecting secure APIs and Java-based self-service portals that integrate with IAM platforms such as Ping Identity, SailPoint, and CyberArk. The ideal candidate will possess deep technical expertise, strategic vision, and hands-on experience in building scalable IAM frameworks and developer-facing tools. The environment is Springboot for microservices, Java, multithreading, service integration, MongoDB on backend, MySQL , SQL server, Kubernetes/docker, Jenkins CI/CD pipeline, rest APIs, development self service portal, spring mcv front end, backend microservices, LDAP protocol, all data stored in AD and Azure AD, Ping Identity, microservices and expose to internal clients, tuebora for identity management (access now) moving onto new product. The ideal candidate should have extensive solution-building experience in Java and API integrations. They will be responsible for roadmaps and enabling the next-gen solution and work with stakeholders acting as the SME to deliver IAM Authentication & Access Management solution design per their business requirements including POC and documentation. This resource will be strong in MFA, IAM protocols (SAML, OIDC, OAuth), garbage collection, building secure code etc. It is ideal that this architect has a background implementing solutions that leverage vendor products APIs. The architect will have security knowledge of various technology & protocols - FIDO, PKI, Mobile MFA, OTP, FIDO key, Biometric authentication, behavior & risk-based authentication and session management.

    Key Responsibilities:

    IAM Architecture & Strategy

    Design and oversee the implementation of IAM solutions including user provisioning, RBAC/ABAC, authentication mechanisms (OAuth2, SAML, OIDC), and access governance.

    Develop IAM roadmaps aligned with business objectives and security requirements.

    Evaluate and select IAM products and vendors; lead integration efforts across legacy and modern systems.

    Ensure compliance with regulatory frameworks (SOX, HIPAA, GDPR) and internal security policies.

    API Architecture & Engineering

    Lead the development of an enterprise-level API framework for IAM services.

    Define API standards, lifecycle management, and documentation practices (e.g., Swagger, Postman).

    Architect RESTful and GraphQL APIs for secure identity transactions and provisioning workflows.

    Collaborate with DevSecOps teams to embed observability, CI/CD pipelines, and automated testing into API delivery.

    Java-Based Portal Design

    Architect and develop Java-based self-service portals for identity management, access requests, and credential updates.

    Build front-end interfaces using JSP, HTML, CSS, JavaScript, and frameworks like Angular or React.

    Develop backend services using Spring Boot, Hibernate, and microservices architecture.

    Integrate IAM platforms (PingID, SailPoint, CyberArk) into portal workflows for seamless user experiences.

    Ensure secure communication using digital certificates, JWT, and secure handshakes.

    Compensation:

    $66/hr to $73/hr.

     

    Exact compensation may vary based on several factors, including skills, experience, and education.

     

    Employees in this role will enjoy a comprehensive benefits package starting on day one of employment, including options for medical, dental, and vision insurance. Eligibility to enroll in the 401(k) retirement plan begins after 90 days of employment. Additionally, employees in this role will have access to paid sick leave and other paid time off benefits as required under the applicable law of the worksite location.

     

    We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected] learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

     

    Skills and Requirements

     

    -7-15+ years of hands-on working experience in Java and JavaScript, Python or other OOP language

     

    - experience with IAM products Ping Identity, Sailpoint and CyberArk

     

    - background in architecting API development solutions

     

    - Rest APIs, API gateway (Apigee preferred, Kong, etc) and related API Security

     

    -Able to understand and gather business requirements, translate them to technical requirements and design the solution to meet the tactical and strategic approaches

    -Able to produce architectural patterns and solution design documents

    -2+ years in authentication & access (MFA, SAML, OpenID Connect (OIDC), and OAuth 2.0)

     

    - Familiar with OWASP Top 10

     

    -REST API development (Client and Server) experience

     

    -Experience with various DevOps tools such as GitHub, Jenkins, etc for deploying solutions -Kubernetes and other docker container technology knowledge.

     

    - Ping Security Products

     

    -Azure and GCP cloud experience