Project description
One of the biggest UK rail network companies operating with rail infrastructure and asset management has a need to develop and support enterprise-level information systems. This portfolio is key to the company's function as it covers all of the infrastructure and sites/services. The Portfolio has several critical projects required to be delivered during the next 2 years.
We are looking for a Solution Architect specialising in Single Sign On technologies. This will enable users and systems to sign on to multiple systems locally and remotely without entering credentials each time.
Responsibilities
* Technical Direction to assigned projects
* Design assurance to all of NR Policies
* Design approval via the NR Design processes.
* SME for help when needed for infrastructure issues.
* Hybrid-based, covering various office locations as and when required, 3 days/week office attendance.
SKILLS
Must have
* SSO & IAM Expertise
  * Strong understanding of SSO protocols: SAML 2.0, OAuth 2.0, OIDC (OpenID Connect)
  * Experience designing and implementing SSO architectures across enterprise applications
  * Deep knowledge of Identity Providers (IdPs) and Service Providers (SPs)
* Hands-on experience with SSO platforms (Azure AD / Entra ID, Okta etc.)
* Experience with federation, multi-tenant SSO, and Just-in-Time (JIT) provisioning
* Integration and Development
  * Ability to integrate SSO with cloud-based and on-prem applications
  * Knowledge of JWT, assertions, tokens, and claims transformation
  * Familiarity with SCIM for user provisioning/deprovisioning
* Architecture & Security
  * Strong background in enterprise solution design
  * Experience with Zero Trust architecture and least privilege access
  * Understanding of compliance requirements (e.g., GDPR, HIPAA) related to identity
  * Cloud infrastructure knowledge (Azure, AWS, GCP) especially around IAM components
* Knowledge of CI/CD pipelines and how auth impacts DevSecOps
* Familiarity with mobile app SSO integration (deep linking, PKCE)
* Experience working with legacy apps that need modern auth retrofitted
* Multi-factor authentication (MFA) solutions and passwordless strategies
Nice to have
* Strong stakeholder communication - explaining auth concepts to non-techs
* Security-minded but practical - balances user experience with risk
* Experience leading SSO migrations or consolidation projects