Serve as technical lead for workforce identity platforms, with Okta as the primary IdP and integrations to complementary platforms (e.g., Ping/Entra Identity).
Own end‑to‑end identity architecture, including authentication flows, federation, directory integrations, and token issuance.
Lead design reviews and decisions for IdP resiliency, failover, and supplier‑risk mitigation strategies.
Document existing and new architecture and act as a hands‑on engineer while also setting technical direction, patterns, and standards.
Strong communication, influence, and stakeholder‑management skills, with the ability to distill complex identity and security architectures into clear and concise messaging
Design and troubleshoot identity flows using OAuth 2.0 / OIDC SAML 2.0 SCIM JWT / token‑based auth
Ensure token parity, claim consistency, and issuer abstraction across identity providers to minimize application impact.
Partner with application teams to enable modern authentication without app re‑architecture.
Engineer and maintain directory integrations across Active Directory, Okta UD, and cloud directories (e.g., Ping Directory).
Design attribute models, lifecycle management, and group strategies at enterprise scale (thousands of groups, large population sizes).
Support directory deployments in cloud‑native environments (AWS/GCP, containers, Kubernetes).
Build and operate identity infrastructure in AWS/GCP/Azure, using: Infrastructure & Policy as Code (Terraform / CloudFormation) Kubernetes & containerized identity services
Automate provisioning, deployment, monitoring, and drift detection for identity platforms.
Support SRE‑style operational maturity: SLIs/SLOs, alerting, incident response, and runbooks for identity services.
Design identity controls aligned to Zero Trust principles and enterprise security policies.
Partner with CSOC, audit, and risk teams on: Control validation Incident response Regulatory and audit requirements (SOX, SOC, internal controls)
Contribute to risk assessments related to supplier dependency, SPOFs, and identity outages.
Work closely with security architecture, infrastructure, application engineering, IAM operations, and vendors.
Influence roadmap decisions through clear technical reasoning and executive‑ready communication.
Mentor senior and mid‑level engineers and raise overall identity engineering maturity.
Qualifications
Undergraduate degree in a related field or the equivalent combination of training and experience.
12+ years of experience in Identity & Access Management engineering.
Skilled in using DevOps tools and experience in Policy as code.
Deep hands‑on expertise with Okta (Workforce Identity, MFA, SSO, policies, lifecycle).
Strong working knowledge of Ping Identity products (PingFederate, PingOne, Ping Directory) or equivalent platforms.
Expert understanding of identity standards: OAuth 2.0, OIDC, SAML Federation and token‑based security
Proven experience with directory services & LDAP (AD, cloud directories).
Experience building identity platforms in AWS/GCP, including containerized/Kubernetes deployments.
Strong troubleshooting skills for complex authentication and federation failures.
Ability to operate in high‑visibility, high‑impact environments.
Special Factors
Sponsorship
Vanguard is offering visa sponsorship for this position.About Vanguard
At Vanguard, we don't just have a mission—we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.