Identity & Access Management (Iam) Consultant

Leverage your Career within the greatest Identity Security Community #Champion Identity and Access Management Join our team as a Senior Identity & Access Management (IAM) Consultant (m/f/d) - Ping Identity - either on-site at our locations in Madrid or Barcelona or flexibly remote from within Spain. iC Consult is a global Identity Security consultancy and a true People Business: a close-knit community of Identity Security enthusiasts who combine agility, direct impact, and strong leadership with global delivery excellence - jointly optimizing people desirability, technology feasibility, and sustainable business viability. Within this environment, you will work in a local team setup that is part of our multimatrix organization - meaning your local team, your project team, and your reporting line may differ, giving you broad exposure, flexibility, and diverse collaboration opportunities. Your Responsibilities: Architect Modern Authentication: Design and implement robust authentication architectures for web, mobile, and native applications, ensuring seamless user journeys across distributed systems. Master Identity Standards: Architect and govern complex OAuth 2.0 and OpenID Connect (OIDC) flows, including the implementation of PKCE, secure token lifecycles, and rotation strategies. Drive Passwordless Innovation: Lead the strategy and design for Passkeys (WebAuthn) and passwordless authentication to eliminate credential-based risks. Platform Orchestration: Serve as the subject matter expert for the PingIdentity (formerly ForgeRock) suite, including PingAM, PingIDM, and PingDirectory, to build scalable identity solutions. Cloud & Microservices Integration: Integrate identity services into cloud-native environments (AWS/Azure/GCP) and microservices architectures, applying hardening and risk mitigation best practices.

Your Experience: Expert IAM Background: Proven track record in IAM architecture with the ability to translate complex security requirements into scalable technical designs. Deep Protocol Knowledge: In-depth technical mastery of OAuth 2.0, OIDC 1.0, and modern authentication patterns in both web and native environments. Passkey Proficiency: Hands-on experience implementing Passkeys/WebAuthn and a clear understanding of the underlying security mechanics. PingIdentity/ForgeRock Ecosystem: Advanced experience configuring and deploying PingAM, PingIDM, and PingDS (formerly ForgeRock) in enterprise environments. Security & Infrastructure: Strong grasp of cloud security, Kubernetes (EKS), and the ability to apply security hardening within CI/CD pipelines. Bonus Points: Familiarity with European identity standards ( eIDAS 2.0 , LoA, and electronic signatures like AdES/QES). Experience with PSD2/SCA compliance , orchestrated MFA, and continuous authentication. Expertise in managing complex B2C/B2B identity lifecycles and device-binding strategies. What we offer: 30 days of vacation (plus public holidays) as well as a flextime model and the option to work from your home office, promoting your life balance High-quality equipment of your choice including company mobile phone - whether Apple or Windows, you decide which top equipment you prefer to work with iC Consult University - our comprehensive onboarding program accompanies you on your individual induction path with training modules, mentoring programs and events and a 3-day onsite bootcamp for your new start with us, in which you will be trained around representing iC Consult and IAM Through our iC Consult Academy you have access to internal and external trainings tailored to your needs - 10 days a year are dedicated to your personal and professional development Further Benefit like a personal coach, language training platforms, food vouchers, health insurance and employee discounts on products and services from well-known suppliers Regular team and company events