Senior Specialist, Lead Zero Trust Identity Security Engineering

Vanguard

Malvern, PA, USA

Posted on May 1, 2026

Key Responsibilities

Identity Platform Engineering & Leadership

  • Serve as technical lead for workforce identity platforms, with Okta as the primary IdP and integrations to complementary platforms (e.g., Ping/Entra Identity).
  • Own end‑to‑end identity architecture, including authentication flows, federation, directory integrations, and token issuance.
  • Lead design reviews and decisions for IdP resiliency, failover, and supplier‑risk mitigation strategies.
  • Document existing and new architecture and act as a hands‑on engineer while also setting technical direction, patterns, and standards.
  • Communicate, influence, and manage stakeholders effectively, distilling complex identity and security architectures into clear, concise messaging.

Standards‑Based Identity & Federation

  • Design and troubleshoot identity flows using OAuth 2.0 / OIDC, SAML 2.0, SCIM, and JWT / token‑based authentication.
  • Ensure token parity, claim consistency, and issuer abstraction across identity providers to minimize application impact.
  • Partner with application teams to enable modern authentication without app re‑architecture.

Directory & Identity Data Architecture

  • Engineer and maintain directory integrations across Active Directory, Okta Universal Directory (UD), and cloud directories (e.g., Ping Directory).
  • Design attribute models, lifecycle management, and group strategies at enterprise scale (thousands of groups, large user populations).
  • Support directory deployments in cloud‑native environments (AWS/GCP, containers, Kubernetes).

Cloud, Automation & Reliability

  • Build and operate identity infrastructure in AWS/GCP/Azure, using Infrastructure and Policy as Code (Terraform / CloudFormation) and Kubernetes / containerized identity services.
  • Automate provisioning, deployment, monitoring, and drift detection for identity platforms.
  • Support SRE‑style operational maturity: SLIs/SLOs, alerting, incident response, and runbooks for identity services.

Security, Risk & Compliance

  • Design identity controls aligned to Zero Trust principles and enterprise security policies.
  • Partner with CSOC, audit, and risk teams on control validation, incident response, and regulatory and audit requirements (SOX, SOC, internal controls).
  • Contribute to risk assessments related to supplier dependency, single points of failure (SPOFs), and identity outages.

Collaboration & Influence

  • Work closely with security architecture, infrastructure, application engineering, IAM operations, and vendors.
  • Influence roadmap decisions through clear technical reasoning and executive‑ready communication.
  • Mentor senior and mid‑level engineers and raise overall identity engineering maturity.

Qualifications

  • Undergraduate degree in a related field or the equivalent combination of training and experience.
  • 12+ years of experience in Identity & Access Management engineering.
  • Skilled with DevOps tooling, with hands‑on experience in Policy as Code.
  • Deep hands‑on expertise with Okta (Workforce Identity, MFA, SSO, policies, lifecycle).
  • Strong working knowledge of Ping Identity products (PingFederate, PingOne, Ping Directory) or equivalent platforms.
  • Expert understanding of identity standards: OAuth 2.0, OIDC, SAML federation, and token‑based security.
  • Proven experience with directory services & LDAP (AD, cloud directories).
  • Experience building identity platforms in AWS/GCP, including containerized/Kubernetes deployments.
  • Strong troubleshooting skills for complex authentication and federation failures.
  • Ability to operate in high‑visibility, high‑impact environments.

Special Factors

Sponsorship

Vanguard is offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.