Principal Security Engineer - Identity & Access Management

How you will make an impact: 

• Develop, implement, and maintain Single Sign On solutions using federation protocols (e.g., SAML, OAuth, OIDC), multi-factor authentication (MFA), and Conditional Access Policies. 
• Design, implement, manage, and enforce next-generation Privileged Access Management solutions (e.g. CyberArk, Teleport, or StrongDM) that provide comprehensive access controls, auditing capabilities, and secure access across our IT environment including cloud services and on-prem data center. 
• Develop, refine, and document Identity Governance Access processes including user provisioning/ de-provisioning and providing users self-service capabilities. 
• Lead complex, sensitive, and critical IAM, IGA and PAM issue resolution and troubleshooting, working closely with cross-functional teams as needed. 
• Ensure successful implementation of a robust secrets management program that helps to securely encrypt and manage critical access keys, database and other sensitive credentials.  
• Ensure access to critical systems and accounts are secure and properly audited by collaborating with SOX auditors and compliance teams. 
• Collaborate with senior leadership to align IAM, IGA and PAM strategies with business goals. 
• Provide training and mentorship to others on the team and within Technology. 
• Evaluate and integrate new security technologies and solutions as needed for IAM and PAM.  

What we look for: 

• Minimum of 10 years of experience in increasingly complex, security-related roles 
• Expert-level knowledge of IAM, IGA and PAM concepts, technologies, and best practices. 
• Strong ability to effectively communicate with colleagues at all levels in the organization, including explaining complex issues and information in simple and actionable ways. 
• Advanced skills in scripting, automation, and integration (e.g., Python, PowerShell). 
• Strong leadership and strategic thinking skills. 
• Experience leading a highly technical and skilled team 
• Preferred experience working with Entra ID, Active Directory, DNS, SCIM, Saviynt, StrongDM, CyberArk  
• Certifications (optional but beneficial): GSEC- GIAC Security Essentials, CIAM-Certified Identity and Access Manager, CIMP- Certified Identity Management Professional, CISSP- Certified Information Systems Security Professional 

Behaviors of Successful Candidates: 

• Continuous Learning: Stays up to date with the information security management trends, threats, and technologies. 
• Certifications: Seeks to obtain relevant certifications to grow skills and knowledge.  
• Hands-on Experience: Desires gaining practical experience through lab environments, Proof of Concept or real-world scenarios.  
• Networking: Joins communities, attends conferences, and engages with peers for knowledge exchange. 
• Mentorship: Seeks mentorship from experienced professionals while also providing mentorship to other Security team members.