Working with Us Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible.

Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives. Read more: careers.bms.com/working-with-us.

BMS is seeking a highly skilled Senior Identity and Access Management Engineer to design, implement, and support enterprise-grade IAM platforms. This is a hands-on technical role within a highly collaborative IAM engineering team, responsible for delivering secure, scalable, and highly available authentication and authorization services across the enterprise.

The ideal candidate brings deep expertise in Forge Rock/Ping and Site Minder ecosystems, strong protocol knowledge (SAML, OAuth2, OIDC), and the ability to lead complex technical initiatives while mentoring junior engineers.

Key Responsibilities:

• Design, develop, implement, and support authentication, authorization, Web SSO, and federation services using – Forge Rock/Ping Access Management (AM), Forge Rock/Ping Identity Gateway (IG), Forge Rock/Ping Directory Services (DS)
• Support and maintain Broadcom Site Minder components including Policy Servers, Secure Proxy Servers, Web Agents, Auth Az Web Services, Advanced Authentication, Symantec VIP Gateway
• Configure, integrate, and troubleshoot SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC) based solutions.
• Design and implement Multi-Factor Authentication (MFA) integrations for internal and external applications, including adaptive and risk-based authentication using Ping One Protect.
• Implement and integrate identity proofing and verification capabilities using Ping One Verify to ensure secure onboarding, high-risk transaction validation, and fraud mitigation by confirming users’ identities against government-issued IDs and biometric checks
• Develop and deploy custom authentication nodes and journeys within Forge Rock/Ping Access Management.
• Lead IAM architecture design including
• High availability and fault tolerance, Disaster recovery (DR) and failover strategies, Network and security architecture.
• Produce and maintain technical documentation such as
• Architecture diagrams, Design specifications, Implementation and rollout plans, Upgrade, rollback, and recovery procedures.
• Ensure IAM platforms meet security, performance, and compliance requirements.
• Deploy and support IAM solutions in AWS-based DevOps environments.
• Automate IAM operations including deployments, configuration, monitoring, and health checks.
• Strong understanding and preferred practical experience working with infrastructure, cloud, and networking teams on load balancers, DNS, TLS certificates, and firewall/security controls.
• Configure and support monitoring, alerting, and proactive health checks for authentication services.
• Plan and execute Forge Rock/Ping and Site Minder upgrades and patching activities.
• Lead platform lifecycle initiatives to keep IAM services secure and current.
• Act as a senior escalation point for complex IAM incidents and problems.
• Drive root cause analysis and permanent remediation.
• On need basis, participate in an after-hours support scheduled maintenance and deployments.
• Mentor and provide technical guidance to junior IAM engineers.
• Partner with internal infrastructure, application, and business teams to understand access requirements.
• Translate business needs into secure, scalable IAM solutions.
• Provide consultation and technical leadership across IAM initiatives.
• Nice to have skill - good knowledge, with preferred hands-on experience, in Agentic AI concepts and frameworks for building autonomous or AI-assisted workflows to enhance identity, security, or operational automation.

Required Qualifications

• 5+ years of hands-on experience designing, implementing, and supporting SSO and Federation platforms using Forge Rock/Ping and/or Site Minder.
• 3+ years of experience implementing SAML, OAuth 2.0, OpenID Connect (OIDC), and MFA solutions in enterprise environments.
• Proven experience deploying highly available Forge Rock/Ping Access Management (AM) and Identity Gateway (IG) solutions in an AWS-based DevOps environment.
• Strong understanding of authentication and authorization concepts.
• Proficiency in one or more scripting or programming languages, including Java, JavaScript, Python, and Perl.
• Strong troubleshooting skills across IAM platforms, networking (DNS, load balancers, TLS), and web and application integrations.
• Self-directed with the ability to independently drive complex initiatives to completion.
• Strong written and verbal communication skills, with demonstrated ability to produce high-quality technical documentation.
• Experience mentoring junior engineers and contributing to team growth.
• Bachelor’s degree (or equivalent experience) in Computer Science, Information Technology, Computer Engineering, or a related technical field.

If you come across a role that intrigues you but doesn’t perfectly line up with your resume, we encourage you to apply anyway. You could be one step away from work that will transform your life and career.

Uniquely Interesting Work, Life-changing Careers With a single vision as inspiring as “Transforming patients’ lives through science™ ”, every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in a supportive culture, promoting global participation in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.

On-site Protocol

BMS has an occupancy structure that determines where an employee is required to conduct their work. This structure includes site-essential, site-by-design, field-based and remote-by-design jobs. The occupancy type that you are assigned is determined by the nature and responsibilities of your role:

Site-essential roles require 100% of shifts onsite at your assigned facility. Site-by-design roles may be eligible for a hybrid work model with at least 50% onsite at your assigned facility. For these roles, onsite presence is considered an essential job function and is critical to collaboration, innovation, productivity, and a positive Company culture. For field-based and remote-by-design roles the ability to physically travel to visit customers, patients or business partners and to attend meetings on behalf of BMS as directed is an essential job function.

Supporting People with Disabilities

BMS is dedicated to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace accommodations/adjustments and ongoing support in their roles. Applicants can request a reasonable workplace accommodation/adjustment prior to accepting a job offer. If you require reasonable accommodations/adjustments in completing this application, or in any part of the recruitment process, direct your inquiries to adastaffingsupport@bms.com. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement.

Candidate Rights

BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.

If you live in or expect to work from Los Angeles County if hired for this position, please visit this page for important additional information: https://careers.bms.com/california-residents/

Data Protection

We will never request payments, financial information, or social security numbers during our application or recruitment process. Learn more about protecting yourself at https://careers.bms.com/fraud-protection.

Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.

If you believe that the job posting is missing information required by local law or incorrect in any way, please contact BMS at TAEnablement@bms.com. Please provide the Job Title and Requisition number so we can review. Communications related to your application should not be sent to this email and you will not receive a response. Inquiries related to the status of your application should be directed to Chat with Ripley.

R1598530 : Senior Engineer, Identity Access Management