
General Information

Location
Hyderabad, Telangana
Work arrangement
Full time
Working model
Hybrid
Relocation assistance available
No
Date posted
25-Jun-2026
Job ID
18731

Description and Requirements

Position Summary:

The Single Sign-On (SSO) / Ping / Directory Services Architect is responsible for defining and driving enterprise-wide Identity and Access Management (IAM) strategy and architecture, leveraging platforms such as Ping Identity (PingFederate, PingAccess, Ping Directory) and Microsoft Entra ID. This role leads the design and standardization of secure, scalable, and resilient SSO solutions across the organization.

This senior architect role serves as a subject matter expert (SME), providing deep technical leadership across solution design, architecture governance, and technology roadmap planning. The architect is accountable for evaluating emerging technologies, establishing integration patterns, and ensuring alignment with enterprise security, compliance, and regulatory requirements.

This role requires strong collaboration with business stakeholders, application teams, infrastructure engineering, and security organizations to enable standardized customer identity models and seamless authentication experiences.
 

Now is an exciting time to be a part of MetLife – start your next career journey with us. In this role you will make an impact by standardizing customer directories and SSO infrastructure, collaborating with business partners on common identities, and exploring new technologies for Single Sign-On (SSO).

 

  • Define and govern enterprise SSO & IAM architecture across Ping (Federate/Access/Directory), Entra ID, SiteMinder, and OUD.
  • Lead design for complex integrations across Ping and Entra ecosystems.
  • Establish reference architectures, reusable patterns, and best practices.
  • Drive modernization (SiteMinder → Ping/Entra and OUD → Ping Directory migration strategies).
  • Ensure compliance with security policies, audit requirements, and regulatory obligations.
  • Evaluate and onboard emerging IAM technologies and capabilities (Zero Trust, passwordless, adaptive auth).
  • Act as escalation point for critical design and platform challenges.
  • Oversee incident management, change execution, and platform stability.
  • Ensure operational governance, SLA adherence, and audit compliance.
  • Collaborate with architecture, security, infrastructure, and application teams.
  • Drive automation, monitoring, and continuous improvement across IAM operations.
  • Provide leadership visibility through executive reporting and stakeholder communication.
  • Establish standard design patterns for SAML, OAuth2, and OIDC integrations.
  • Lead hybrid (on-prem + cloud) IAM solution design and modernization initiatives.
  • Architect solutions across the Ping Identity stack, Entra ID (app registrations, Conditional Access, MFA), and directory services (LDAP, AD, Ping Directory, OUD).
  • Drive certificate lifecycle strategy (SSL, federation trust, encryption/signing of assertions/LDAP).
  • Define and configure password policies.
  • Create custom LDIFs and ACLs for directory configurations.
  • Define vulnerability management and remediation strategies.
  • Define user directory mapping and identity flows for authentication & authorization.
  • Define monitoring strategy using Splunk / Elastic / OpenSearch.
  • Establish proactive alerting, dashboards, and health monitoring frameworks.
  • AI-based automation of recurring and manual tasks.
  • Tune capacity and design infrastructure for high availability, DR, and performance optimization.


Job Responsibilities:

  • Define frameworks for Incident, Problem, and Change Management.
  • Provide architectural guidance during Critical incidents and platform escalations.
  • Strong understanding of Linux systems and infrastructure components.
  • Partner with security, infra, and application teams to standardize identity patterns.
  • Act as SME for complex IAM design decisions and escalations. 
  • Contribute to strategic discussions and technical solutioning and blueprint preparations. 
  • Drive IAM roadmap, innovation, and adoption of new technologies.
  • Own end-to-end IAM architecture, strategy, and governance, ensuring scalable, secure, and future-ready SSO solutions across the enterprise.
  • Establish collaborative work environment. 
  • Provide ongoing Level 2 and Level 3 support for MetLife’s directory services, which includes: upgrades, tuning, monitoring, problem resolution and identification of root cause.
  • Support APAC/ EMEA / US regions in a 24x7 operating model. 


Education:
Bachelor’s degree in computer science, Information Systems, or related field.

Experience:

  • At least 14 years of overall experience in Cyber, SSO and IAM Domain.
  • At least 7 years of hands-on experience managing, architecting, or solutioning directory services (Ping Directory / LDAP).
  • At least 7 years of experience with setup and troubleshooting of inbound and outbound federations using SAML, OAuth, and OIDC protocols, including login and logout flows. Experience in configuring Azure SSO, OIDC protocols, PingFederate, and PingAccess. Deep understanding of Active Directory Federation Services. Experience with installation, configuration, onboarding, and architecture of SSO solutions such as Ping Directory, PingFederate, PingAccess, SiteMinder, and Entra ID.
  • Extensive experience in people and stakeholder management.
  • Experience in end-to-end infrastructure setup for directory solutions.


Knowledge & Skills:

  • Prior experience with Identity and Access Management (IAM) / SSO / directory services tools such as Ping Directory, SiteMinder, Ping (Federate/Access), Okta, Entra ID, and ForgeRock.
  • Excellent communication and collaboration skills to partner with business and the users. 
  • Expert in SSO and Directory services, not only administration, but in-depth understanding of concepts and processing.
  • Architectural understanding of infra and capacity planning. 
  • Ability to troubleshoot complex SSO / Directory issues and in-depth understanding of tuning and available configuration settings.
  • Working knowledge of HTTP protocol, cookies, headers, response codes, and how to troubleshoot.
  • Working knowledge of LDAP protocol: searches, responses, and how to troubleshoot.
  • Excellent Linux and Windows system knowledge.
  • Expert in application of authentication and authorization solutions to address business and security problems.
  • Experience with enterprise-level support of business-critical services.
  • Experience with technical documentation writing / knowledgebase article creation.
  • Strong motivation to analyze and improve systems and infrastructure.


Other Skills:

  • Linux scripting, PowerShell, and VBScript are a plus.
  • ITIL, Ping Expert, Directory Services/LDAP, and SSO (SiteMinder/Ping/Entra ID/Okta) certifications are preferred.
  • CISSP, CISM certification is a plus.


About MetLife

Recognized on Fortune magazine's list of the "World's Most Admired Companies" and Fortune World’s 25 Best Workplaces™, MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East.

Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by our core values - Win Together, Do the Right Thing, Deliver Impact Over Activity, and Think Ahead - we’re inspired to transform the next century in financial services. At MetLife, it’s #AllTogetherPossible. Join us!