SSO Technical Lead

Machinify, Inc.
La Grange, United States of America
4 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 15K

Job location

La Grange, United States of America

Tech stack

Microsoft Access
Software Applications
User Authentication
Automation of Tests
Business Systems
Software as a Service
Computer Security
Information Systems
Multi-Factor Authentication
Identity and Access Management
Python
OAuth
OpenID
Oracle Applications
Ping (Networking Utility)
Powershell
Azure
Salesforce
Security Assertion Markup Language (SAML)
SAP Applications
Single Sign-On
Systems Integration
Workflow Management Systems
Enterprise Software Applications
Okta
Information Technology
Coupa Procurement
DocuSign
Workday
ServiceNow

Job description

Machinify is modernizing its enterprise systems landscape, and single sign-on (SSO) is at the core of our security and user experience strategy. We are looking for an SSO Technical Lead to drive the design, implementation, and enablement of SSO across all enterprise applications from HR and Finance to Sales and Operations.

This is a hands-on technical leadership role that requires strong problem-solving skills, cross-functional collaboration, and the ability to quickly learn and integrate new technologies. You will work closely with business system owners, IT security, and external partners to ensure consistent, secure, and seamless authentication experiences across the company, while aligning with NIST cybersecurity standards, layered defense principles, and least privilege access models.

What You'll Do

Lead the end-to-end implementationof SSO for all enterprise applications - including HR, Order Management, Operations, Sales, Service, Legal, and Procurement systems.

Design and configure identity integrationsusing Entra ID (Azure AD), Okta, or similar identity providers to enable SAML, OIDC, and OAuth-based authentication.

Implement layered security controlsthat align with theNIST and HITRUST particularly regarding protection of PHI ( Protected Health Information) and personally identifiable data.

Apply least privilege access principlesacross all SSO-enabled applications to ensure users and service accounts have the minimal required access for their roles.

Partner cross-functionallywith system owners, InfoSec, and application teams to assess requirements, plan integrations, and execute go-live with secure authentication flows.

Standardize and documentSSO integration patterns, metadata exchange, and token policies to ensure scalability, consistency, and auditability.

Collaborate with InfoSecto enforce MFA, conditional access, and continuous monitoring for privileged and non-privileged accounts.

Maintain and enhance existing SSO configurations, certificates, and policies to support business continuity and compliance with company security policies.

Evaluate and onboard new SaaS applications, ensuring that each integration adheres to layered security and least privilege principles.

Troubleshoot and resolve SSO integration issuesacross multiple identity providers and environments with a focus on security and operational resilience.

Provide mentorship and knowledge sharingwithin the IT Applications and Security teams on identity, access management, and cybersecurity best practices.

Requirements

Bachelor's degree in Computer Science, Information Systems, or related field.

5+ years of experience in IT Applications, Identity Management, or System Integration roles.

Proven experience implementing SSO usingMicrosoft Entra ID (Azure AD),Okta,Ping, or equivalent.

Strong understanding ofSAML 2.0, OAuth 2.0, OIDC, and SCIMstandards.

Experience integrating SSO with SaaS and on-premise applications (e.g., Workday, Paycom, Salesforce, SAP, Oracle, ServiceNow, Coupa, DocuSign).

Practical knowledge of theNIST Cybersecurity Framework, andHITRUST particularly as it applies to authentication, identity, and access control.

Solid understanding oflayered security architectureimplementing defense-in-depth controls across network, application, and identity layers.

Demonstrated experience enforcingleast privilege access, role-based permissions, and segregation of duties.

Strong troubleshooting skills in authentication flows, certificates, and federation services.

Ability to balance hands-on technical work with stakeholder communication, project management, and documentation.

Proven ability to work cross-functionally and influence teams in a fast-paced environment.

Preferred Skills

Familiarity withidentity governance and administration (IGA)frameworks and lifecycle automation.

Exposure toAPI-based integrations, automation scripts (PowerShell, Python), or workflow orchestration tools.

Experience in ahigh-tech or SaaS environmentsupporting enterprise business systems.

Security certifications (CISSP, CISM, or Microsoft Identity and Access certifications) are a plus.

Benefits & conditions

Tuition reimbursement

Competitive salary, 401(k) with company match

Unlimited PTO

Additional health and wellness benefits and perks

Flexible and trusting environment where you'll feel empowered to do your best work

Equal Employment Opportunity at Machinify

About the company

Machinify is a leading healthcare intelligence company with expertise across the payment continuum, delivering unmatched value, transparency, and efficiency to health plan clients across the country. Deployed by over 85 health plans, including many of the top 20, and representing more than 270 million lives, Machinify brings together a fully configurable and content-rich, AI-powered platform along with best-in-class expertise. We're constantly reimagining what's possible in our industry, creating disruptively simple, powerfully clear ways to maximize financial outcomes and drive down healthcare costs.

Apply for this position