Posted on: 21/11/2025
Description:
About the Role:
We are seeking a highly skilled WSO2 Identity & Access Management (IAM) Expert to design, implement, and optimize enterprise-grade IAM solutions for a global SaaS platform used within the banking and financial sector. This is a mission-critical role requiring deep technical expertise in WSO2 Identity Server, identity federation, SSO, entitlement management, and secure integrations.
The ideal candidate has strong experience in modern authentication protocols, enterprise identity systems, and secure cloud-native architectures. You will collaborate with engineering, security, architecture, and compliance teams to ensure a world-class IAM framework aligned with industry standards such as PCI-DSS, FFIEC, SOX, and Zero Trust principles.
Key Responsibilities:
- Architect and implement end-to-end IAM solutions leveraging WSO2 Identity Server for authentication, authorization, and user provisioning.
- Design and configure SSO workflows using OAuth2, OpenID Connect, JWT, SAML 2.0, and SCIM.
- Set up multi-tenant and multi-environment IAM frameworks for large-scale SaaS platforms.
- Implement high-availability and disaster recovery strategies for IAM components.
- Integrate multiple external identity providers, including:
  - Ping Identity (federation, adaptive authentication, risk-based authentication)
  - Google Workspace
  - Microsoft Active Directory / Azure AD
- Configure SSO flows, identity mediation, Just-in-Time provisioning, and directory synchronization.
- Implement authorization and access control for distributed microservices using:
  - API tokens
  - OAuth2/OIDC flows
  - JWT-based session management
  - Fine-grained and coarse-grained entitlement policies (XACML)
- Configure WSO2 API Security, throttling, and multi-layered protection patterns.
- Configure role-based access control (RBAC), attribute-based access control (ABAC), and externalized policy engines.
- Manage identity lifecycle policies: user onboarding, offboarding, password management, MFA, and session policies.
- Customize user stores, SCIM-based provisioning, and identity claims mapping for application needs.
- Integrate IAM solutions with AWS services including:
  - AWS Cognito (user pools, identity pools)
  - AWS IAM roles & trust relationships
  - API Gateway security (JWT authorizers, custom authorizers)
  - Lambda authentication flows and event-driven IAM processes
- Ensure secure cloud-based identity federation and access control patterns.
- Implement IAM solutions aligned with banking/financial-grade security standards.
- Ensure compliance with regulatory frameworks (e.g., PCI-DSS, FFIEC, SOX, GDPR).
- Conduct security risk assessments and maintain IAM policies, audit logs, and identity governance procedures.
- Work with InfoSec teams to ensure enforcement of Zero Trust security principles.
- Work closely with clients during live technical assessments, demonstrating practical IAM solution development.
- Collaborate with engineering, DevOps, platform architecture, and compliance teams to ensure seamless integration.
- Provide technical recommendations, architectural documentation, and best practice guidelines.
- Lead troubleshooting, performance tuning, and root-cause analysis for identity-related issues.
Mandatory Skills & Experience:
- Expert-level hands-on experience with WSO2 Identity Server, including:
  - SSO & Federation
  - OAuth2, OIDC, SAML
  - JWT, SCIM
  - User stores, multi-tenancy
  - XACML / Entitlement Server
- Strong experience integrating and managing Ping Identity (SSO, federation, adaptive auth).
- Solid working knowledge of AWS IAM, Cognito, API Gateway authentication, Lambda, and general cloud security patterns.
- Proficient in user identity management, entitlement policies, claims mapping, and role-based + attribute-based access control.
- Experience integrating enterprise directories: Active Directory, Azure AD, Google Workspace.
- Hands-on experience with microservices and API security in distributed environments.
- Prior experience in Banking / Financial Services / FinTech is highly preferred.
Posted By
Riya jain
Senior Talent Acquisition Specialist at MARKTINE TECHNOLOGY SOLUTIONS PRIVATE LIMITED
Last Active: 5 Dec 2025
Posted in
CyberSecurity
Functional Area
IT Security
Job Code
1578740