Ping Engineer

This is a Non-Employee Contingent Worker Role providing services for TIAA’s family of companies and will be employed by TIAA's preferred 3rd Party Supplier. As a Non-Employee CW, perform a variety of moderately complex business planning, support, and project-related duties. Demonstrates an exceptional standard of quality and holds themselves accountable to achieving excellent results.

This role will sit onsite, likely in a hybrid capacity, at the location(s) listed in this posting.

The anticipated term of this engagement will be 12 months. This term could be extended based on company business needs.

CW-IT Applications Developer IV
Develops, implements and assesses specific new and emerging technologies, platforms, and services.

Key Responsibilities and Duties

• Assessing the technical viability of emerging products and technologies.
• Working with developers and infrastructure specialists to test and evaluate new technologies.
• Participating in the development of business cases and obtaining approvals for capital expenditures.
• Monitoring and analyzing new technology product performance and resolving issues regarding potential improvements or modifications to complex situations, as needed.

Educational Requirements

• University (Degree) Preferred

Work Experience

• 5+ Years Required; 7+ Years Preferred

Physical Requirements

• Physical Requirements: Sedentary Work

Career Level
8IC

Ping Engineer

About the Role

We are looking for an experienced and passionate Ping Engineer to join our Customer Identity and Access Management (CIAM) team. In this role, you will take end-to-end technical ownership of identity and access management solutions, working closely with architects, engineers, and business stakeholders to design, build, and maintain secure, scalable, and highly available identity platforms. You are someone who thrives in a collaborative environment, champions engineering best practices, and is energized by solving complex identity, security, and fraud challenges.

Key Responsibilities

As a Ping Engineer, you will serve as a subject matter expert in the Ping Identity suite, leading the design, implementation, and operational support of PingFederate, PingAccess, and Ping Directory across enterprise environments. You will architect and deliver identity solutions that leverage industry-standard security protocols including OAuth 2.x, SAML, and LDAP, ensuring they meet both functional and non-functional requirements for performance, security, and reliability.

Operational Excellence in CIAM and Fraud Engineering

You will own and drive operational excellence across CIAM and fraud engineering domains, ensuring that identity and fraud prevention platforms are highly available, resilient, and continuously improving. This includes establishing and monitoring key performance indicators and service level objectives for all CIAM services, proactively identifying risks and vulnerabilities, and leading efforts to remediate issues before they impact customers or the business.

You will lead level 3 incident management and response activities for CIAM and fraud-related events, serving as a technical escalation point during high-severity incidents. You will drive thorough post-incident reviews, ensuring root cause analysis is completed, corrective actions are tracked to closure, and learnings are shared broadly to strengthen the platform. You will maintain detailed runbooks, operational playbooks, and disaster recovery documentation to support rapid and consistent incident response.

You will establish and champion a culture of proactive platform health management, leveraging observability tools such as Dynatrace to build comprehensive dashboards, alerts, and automated remediation capabilities. You will define and enforce standards for logging, tracing, and monitoring across all CIAM and fraud engineering services to ensure full operational visibility.

You will drive continuous improvement initiatives across the CIAM and fraud engineering landscape, including capacity planning, performance tuning, platform hardening, and regular security assessments. You will collaborate with security, risk, and compliance teams to ensure that identity and fraud platforms meet regulatory requirements and internal control standards, including those related to data privacy, access governance, and audit logging.

Core Engineering Responsibilities

You will collaborate across technical disciplines — including application development, cloud infrastructure, security, and enterprise architecture — to integrate identity solutions seamlessly into the broader technology ecosystem. This includes working with containerized environments on OpenShift and AWS EKS, as well as supporting identity capabilities delivered through Transmit Security.

You will champion Agile software development methodologies, actively participating in sprint planning, backlog grooming, and iterative delivery. You will advocate strongly for unit testing, test-driven development, and automated testing practices, helping to establish and uphold quality standards across the team.

You will work within a modern cloud and DevOps environment, leveraging AWS services, infrastructure-as-code tooling such as Terraform, and observability platforms such as Dynatrace to ensure platform health and operational excellence. You will utilize automated build and deployment pipelines, Git-based source control, and Gradle for build automation as part of a mature CI/CD practice.

Required Qualifications

To be successful in this role, you will bring deep hands-on experience with the Ping Identity suite, specifically PingFederate, PingAccess, and Ping Directory, along with a strong command of OAuth 2.x, SAML, and LDAP security protocols. You will have a solid background in Java development and the Spring Framework ecosystem, and be comfortable working with RESTful APIs, OpenAPI specifications, and data formats including JSON, XML, XSD, and XSLT.

You will have demonstrated experience driving operational excellence within a CIAM or identity engineering context, including incident management, SLO/SLA ownership, observability, and platform reliability engineering. Experience collaborating with or working within fraud engineering teams to build identity-aware fraud detection and prevention capabilities is highly valued.

You will have experience working in containerized environments using OpenShift or Amazon EKS, and familiarity with cloud platforms including AWS. Experience with relational and NoSQL databases, including Oracle, PL/SQL, and MongoDB, is expected.

You will demonstrate strong leadership and interpersonal skills, with the ability to communicate complex technical concepts clearly to both technical and non-technical audiences. You are analytical, detail-oriented, and bring a genuine passion for technology and solving real-world problems through innovative engineering solutions.

Preferred Qualifications

Experience with Transmit Security is strongly preferred. Familiarity with risk-based authentication, behavioral biometrics, and fraud signal integration is a strong plus. Prior experience in financial services or a highly regulated industry is advantageous, particularly where identity and fraud controls are subject to rigorous compliance and audit requirements.

Technical Skills Summary

Identity & Security: PingFederate, PingAccess, Ping Directory, Transmit Security, OAuth 2.x, SAML, LDAP

Fraud & Risk: Risk-Based Authentication, Adaptive Access Controls, Behavioral Analytics, Account Takeover Prevention, Credential Stuffing Detection, Fraud Signal Integration

Languages & Frameworks: Java, Spring Boot, Spring Security, Spring MVC, Spring Batch, REST, OpenAPI

Cloud & Infrastructure: AWS, GCP, OpenShift, EKS, Terraform, Dynatrace

Data & Integration: Oracle, PL/SQL, MongoDB, JSON, XML, XSD, XSLT, JAXB

Front End: HTML, JavaScript, JQuery, React, AngularJS

DevOps & Tooling: Git, Gradle, jUnit, Mocking Frameworks, CI/CD Pipelines

Operational Excellence: SLO/SLA Management, Incident Response, Runbook Development, Observability, Platform Reliability Engineering, Capacity Planning, Security Assessments

Start Date: 06-Jul-2026

End Date: 06-Jul-2027

Travel Required: No

Anticipated Posting End Date:

2026-06-12

Base Pay Range: $53.18/hr - $85.57/hr

Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location.

_____________________________________________________________________________________________________

Equal Opportunity

We are an Equal Opportunity Employer. TIAA does not discriminate against any candidate or employee on the basis of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other legally protected status.

Our full EEO & Non-Discrimination statement is on our careers home page, and you can read more about your rights and view government notices here.

Accessibility Support

TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities. 

If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team: 

Phone: (800) 842-2755

Email: accessibility.support@tiaa.org

Drug and Smoking Policy

TIAA maintains a drug-free and smoke/free workplace.

Privacy Notices

For Applicants of TIAA, Nuveen and Affiliates residing in US (other than California), click here.

For Applicants of TIAA, Nuveen and Affiliates residing in California, please click here.

For Applicants of TIAA Global Capabilities, click here.

For Applicants of Nuveen residing in Europe and , please click here.