Canary Wharfian - Online Investment Banking & Finance Community.

Senior Specialist, Lead Zero Trust Identity Security Engineering

Experienced · Visa sponsorship available

at Vanguard

Asset Management

Posted 13 days ago


**Senior Specialist, Lead Zero Trust Identity Security Engineering**

  • Drive technical leadership for Okta-reliant enterprise identity platforms, designing for high availability & regulatory compliance.

  • 12+ years' experience in identity engineering, deep Okta & Ping/Entra Identity expertise.

  • Expert in identity standards (OAuth, OIDC, SAML) and directory services (Active Directory, Okta UD).

  • Cloud-savvy (AWS/GCP), proficient in infrastructure-as-code, Kubernetes, and automation.

  • Collaborate and influence cross-functional stakeholders, mentor engineers, and contribute to enterprise security risk mitigation.

Compensation
Not specified USD

Currency: $ (USD)

City
Not specified
Country
United States

Full Job Description

We are seeking a Senior Lead Identity Engineer to provide technical leadership for our workforce identity platform, with deep expertise in Okta and strong proficiency in standards-based identity and access management technologies. This role is responsible for designing, operating, and evolving enterprise-scale identity platforms that support high availability, regulatory compliance, and long-term resiliency, including multi-IdP and directory strategies. The ideal candidate brings 12+ years of identity engineering experience, understands identity as architecture, not just product configuration, and can operate comfortably across engineering, security, infrastructure, and executive stakeholders.

Key Responsibilities

Identity Platform Engineering & Leadership

  • Serve as technical lead for workforce identity platforms, with Okta as the primary IdP and integrations to complementary platforms (e.g., Ping/Entra Identity).

  • Own end-to-end identity architecture, including authentication flows, federation, directory integrations, and token issuance.

  • Lead design reviews and decisions for IdP resiliency, failover, and supplier-risk mitigation strategies.

  • Document existing and new architecture and act as a hands-on engineer while also setting technical direction, patterns, and standards.

  • Strong communication, influence, and stakeholder-management skills, with the ability to distill complex identity and security architectures into clear and concise messaging.

Standards-Based Identity & Federation

  • Design and troubleshoot identity flows using OAuth 2.0 / OIDC, SAML 2.0, SCIM, and JWT / token-based auth.

  • Ensure token parity, claim consistency, and issuer abstraction across identity providers to minimize application impact.

  • Partner with application teams to enable modern authentication without app re-architecture.

Directory & Identity Data Architecture

  • Engineer and maintain directory integrations across Active Directory, Okta UD, and cloud directories (e.g., Ping Directory).

  • Design attribute models, lifecycle management, and group strategies at enterprise scale (thousands of groups, large population sizes).

  • Support directory deployments in cloud-native environments (AWS/GCP, containers, Kubernetes).

Cloud, Automation & Reliability

  • Build and operate identity infrastructure in AWS/GCP/Azure, using: Infrastructure & Policy as Code (Terraform / CloudFormation); Kubernetes & containerized identity services.

  • Automate provisioning, deployment, monitoring, and drift detection for identity platforms.

  • Support SRE-style operational maturity: SLIs/SLOs, alerting, incident response, and runbooks for identity services.

Security, Risk & Compliance

  • Design identity controls aligned to Zero Trust principles and enterprise security policies.

  • Partner with CSOC, audit, and risk teams on: control validation; incident response; regulatory and audit requirements (SOX, SOC, internal controls).

  • Contribute to risk assessments related to supplier dependency, SPOFs, and identity outages.

Collaboration & Influence

  • Work closely with security architecture, infrastructure, application engineering, IAM operations, and vendors.

  • Influence roadmap decisions through clear technical reasoning and executive-ready communication.

  • Mentor senior and mid-level engineers and raise overall identity engineering maturity.

Qualifications

  • Undergraduate degree in a related field or the equivalent combination of training and experience.

  • 12+ years of experience in Identity & Access Management engineering.

  • Skilled in using DevOps tools and experienced in Policy as Code.

  • Deep hands-on expertise with Okta (Workforce Identity, MFA, SSO, policies, lifecycle).

  • Strong working knowledge of Ping Identity products (PingFederate, PingOne, Ping Directory) or equivalent platforms.

  • Expert understanding of identity standards: OAuth 2.0, OIDC, SAML Federation and token-based security.

  • Proven experience with directory services & LDAP (AD, cloud directories).

  • Experience building identity platforms in AWS/GCP, including containerized/Kubernetes deployments.

  • Strong troubleshooting skills for complex authentication and federation failures.

  • Ability to operate in high-visibility, high-impact environments.

Special Factors

Sponsorship

Vanguard is offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission: we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
