Specialist IDM IS Architect

Amgen harnesses the best of biology and technology to fight the world’s toughest diseases, and make people’s lives easier, fuller and longer. We discover, develop, manufacture and deliver innovative medicines to help millions of patients. Amgen helped establish the biotechnology industry more than 40 years ago and remains on the cutting-edge of innovation, using technology and human genetic data to push beyond what’s known today.

ABOUT THE ROLE

Role Description:

Amgen is seeking a Specialist IDM IS Architect to provide deep technical expertise in designing, implementing, and optimizing our Customer Identity and Access Management (CIAM) platform.The roleis responsible for developing and maintainingsecure, scalable and reliable identity solutions leveraging PingOne Advanced Identity Cloud and PingOne Protect, integrated with modern applications and cloud servicesof the organization. This role involves defining the architecture vision, creating roadmaps, and ensuring that IT strategies align with business goals. You will be working closely with stakeholders to understand requirements, develop architectural blueprints, and ensure that solutions are scalable, secure, and aligned with enterprise standards. Architects will be involved in defining the enterprise architecture strategy, guiding technology decisions, and ensuring that all IT projects adhere to established architectural principles.

The successful candidate will bring strong hands-on technical architecture skills, proven experience in identity platforms, and the ability to collaborate across IS, Security, and business teams to deliver advanced CIAM capabilities that protect our customers and elevate user experience.

This role focuses on solution architecture, integration, and technical execution across enterprise CIAM initiatives, ensuring adherence to compliance, performance, and security standards

Roles & Responsibilities:

• CIAM Solution Architecture: Design and deliver secure, scalable IAM/CIAM solutions using PingOne Advanced Identity Cloud and PingOne Protect, ensuring alignment with enterprise security and compliance requirements.

• IAM Policy Management: Configure and manage IAM policies within PingOne to control access securely, implementing role-based access control (RBAC) and least-privilege models.

• Authentication & MFA: Define and enforce robust authentication mechanisms, including Multi-Factor Authentication (MFA), adaptive authentication, and risk-based access to strengthen security posture.

• Identity Lifecycle Management: Lead end-to-end identity lifecycle governance, including provisioning, deprovisioning, role assignments, and access reviews. Establish scalable patterns for delegated administration, entitlement modeling, and policy-as-code.

• SSO & Federation: Develop and manage Single Sign-On (SSO) and federated identity configurations with PingOne for seamless access across internal, partner, and SaaS applications.

• Standards & Protocol Compliance: Ensure compliance with SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC) for secure authentication and authorization.

• PingOne Protect Policy Integration: Create, tune, and maintain PingOne Protect risk/fraud policies and integrate them into PingOne Advanced Identity Cloud Journeys for adaptive experiences such as silent risk checks and step-up MFA.

• Threat Monitoring & Incident Response: Continuously monitor the PingOne environment for anomalies, unauthorized access attempts, and security threats. Define logging, telemetry, and alerting strategies; integrate with SIEM/SOAR for detection and response.

• Integration Architecture: Oversee integration patterns for PingOne APIs/SDKs, identity events, and CI/CD automation. Partner with product teams to onboard applications and standardize app registration, client lifecycle, and policy deployment.

• Security & Compliance: Ensure identity solutions comply with GDPR, CCPA, HIPAA, and industry best practices. Collaborate with InfoSec to enhance threat detection, fraud prevention, and account protection.

• Performance & Resilience: Define and enforce SLIs/SLOs, capacity planning, and resiliency patterns (HA/DR, retries, backoff). Lead troubleshooting and optimization for performance, reliability, and scalability.

• Documentation & Standards: Produce reference architectures, solution designs, and technical standards for CIAM implementations across regions.

• Agile Collaboration & Leadership: Partner with Product Owners, Scrum Masters, and business stakeholders in Agile ceremonies. Provide architecture oversight and mentorship to engineering teams for consistent, high-quality delivery.

• Vendor & Technology Engagement: Collaborate with Ping Identity and cloud providers; track roadmaps and emerging features and recommend enhancements to Amgen’s CIAM platform.

Basic Qualifications and Experience:

GCF Level 5A

• Master’s degree with 4 - 6 years of experience in Computer Science, IT or related field OR

• Bachelor’s degree with 6 - 8 years of experience in Computer Science, IT or related field  OR

• Diploma with 10 - 12 years of experience in Computer Science, IT or related field 

Functional Skills:

Must-Have Skills (Not more than 3 to 4)

IDM Architect

• PingOne Advanced Identity Cloud & PingOne Protect – Hands-on experience configuring IAM policies, journeys, and risk-based authentication.

• Authentication & Authorization Protocols – Deep knowledge of OAuth 2.0, OpenID Connect (OIDC), and SAML 2.0.

• Identity Lifecycle Management – Proven ability to design and govern provisioning, deprovisioning, and RBAC models.

• Multi-Factor Authentication (MFA) & Adaptive Security – Expertise in implementing MFA and risk-based access controls.

Good-to-Have Skills:

• Single Sign-On (SSO) & Federation – Experience integrating PingOne with enterprise and SaaS applications.

• PingOne Protect Policy Integration – Ability to create and embed fraud/risk policies into PingOne journeys.

• Knowledge of security monitoring and incident response workflows.

• Experience with identity synchronization and provisioning standards.

• Understanding of GDPR, CCPA, HIPAA in identity security contexts.

• Experience building adaptive/risk-based authentication flows and embedding Protect policies within PingOne Journeys.

• Integration experience across web and mobile apps (e.g., React/Node.js) and secure backend services via APIs; familiarity with AWS serverless (Lambda, API Gateway, DynamoDB, S3, CloudWatch) is a plus.

• Performance & Resiliency Design – Skills in HA/DR, capacity planning, and scalability for identity systems.

• Strong solution design and problem-solving skillsincluding 

• Strong understanding of technology, function, or platform

• Experience in developing differentiated and deliverable solutions

• Ability to analyze client requirements and translate them into solutions

Professional Certifications (please mention if the certification is preferred or mandatory for the role):

• PingOne Advanced Identity Cloud Professional(preferred)

• PingOne Protect Specialist (preferred)

Soft Skills:

• Excellent critical-thinking and problem-solving skills with ability to explain complex identity concepts to technical and non-technical stakeholders.

• Strong communication and collaboration skills to work effectively with Product Owners, InfoSec, and engineering teams in Agile environments.

• Analytical approach to troubleshooting,demonstrated optimizing IAM solutionsand function in a team setting

• Demonstrated awarenessby staying current with IAM trends, Ping Identity roadmap, and emerging security models including presentation skills