Infrastructure Security Engineer Sr - IAM

About The Position

Requirements

• Bachelor's Degree Information Technology, Information Security or relevant field of study Required
• 4+ 4+ years of experience designing, implementing, and supporting Enterprise or Customer Identity Access Management, implementing identity protocols and technologies, and designing, implementing, and supporting certificate-based authentication (Required)
• Knowledge of Enterprise or Customer Identity Access Management such as Single Sign On - SSO, Multi-Factor Authentication - MFA, Privileged Access Management - PAM, Conditional Access, and Identity Governance & Administration concepts - IGA.
• Experience with identity protocols and technologies such as OpenID Connect - OIDC, OAuth, SAML, AD-Fed, API Gateways, SCIM, and platforms such as Ping Identity, Okta, Microsoft Entra ID, and ForgeRock
• Understanding of certificate-based authentication such as PKI, FIDO2, phishing-resistant multi-factor methods, multi-tenant configuration, B2B collaboration, identity fraud prevention and detection, identity spoofing and identity verification technologies.
• Understanding of policies that reflect enterprise system security objectives.
• Ability to determine how a security system operates, including resilience and reliability, and how changes in environment or operations affect outcomes.
• Understanding of at least one IAM/PAM platform such as Delinea Secret Server, CyberArk Access Manager, SailPoint, or Saviynt.
• Experience designing and implementing access control models including RBAC, ABAC, and least-privilege access strategies.
• Ability to troubleshoot complex identity and authentication issues across enterprise systems and integrated platforms.
• Analytical and problem-solving skills with the ability to diagnose and resolve technical issues.
• Written and verbal communication skills with the ability to document technical processes and collaborate across teams.
• Ability to work independently and manage multiple priorities in a fast-paced environment.
• Understanding of privileged groups and AdminSDHolder process in Active Directory
• Understanding of the impacts of permissions inheritance
• Understanding of PKI escalations and how to defend against them, e.g., Certificate Managers/Enrollment Agents

Nice To Haves

• 1+ Years' experience with modern software lifecycle development and automated cloud infrastructure deployment (Infrastructure as Code) (Preferred)
• Experience with modern software development lifecycles and automated cloud infrastructure deployment practices.
• Security+, SC 900/SC 300, CISSP/CCSP, GIAC (as relevant), SailPoint Identity Security Engineering Certification (Preferred)

Responsibilities

• Design & Implement: Design and implement IAM solutions including RBAC, ABAC, and identity governance integrations with HR systems, directories, applications, and cloud platforms.
• Engineer and support Privileged Access Management (PAM) platforms (e. g. , Delinea) including credential vaulting, session management, least-privilege, and break-glass access.
• Architect and secure Active Directory Domain Services (AD DS) including group policy design, privileged group protection, permission inheritance, and forest recovery from compromise scenarios.
• Implement and manage cloud identity platforms including PIM, Conditional Access Policies, MFA, and passwordless authentication (Windows Hello for Business, FIDO2).
• Design and manage Active Directory Certificate Services (AD CS) and PKI infrastructure including certificate templates, enrollment permissions, and lifecycle management.
• Build and automate identity workflows and integrations using APIs, scripting, and infrastructure-as-code (PowerShell, Python, IaC/PaC).
• Embed security-by-design into identity architecture, configuration baselines, and change management processes.
• Partner with engineering, platform teams, and Risk & Compliance to ensure IAM solutions meet security, regulatory, and audit requirements.
• Operations: Respond to Level 2 support requests including incidents, outages, bugs, and feature requests across development, QA, and production environments.
• Monitor IAM platforms and support change management processes across Digital Technology environments.
• Maintain IAM policies, standards, and procedures.
• Troubleshoot and resolve complex identity and access issues across the identity technology stack.
• Coordinate with Cybersecurity Operations to respond to identity-related security events and support incident response and post-incident improvements.
• Execute user lifecycle operations including onboarding, offboarding, and access request fulfillment.
• Research: Stay current on identity technologies, risks and threats and participate in roadmap creation through organic releases and/or from business stakeholders Research, develop, and understand authentication factors, associated risks and benefits, and the impact on user experience Research, evaluate, recommend and implement new technologies/capabilities Maintain up-to-date industry knowledge relative to Identity Security, IAM, PAM technologies and methodologies, risks and threats through courses, webinars, books, and self-study.
• Recommend changes to leadership based on this knowledge.
• Bank Secrecy Act: Remains cognizant of and adheres to Wings policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Benefits

• Generous 401(k) match
• 401k Discretionary Profit Sharing
• Health Insurance
• Dental Insurance
• Vision Insurance
• Life Insurance
• Short Term and Long Term Disability
• Health Savings Account with company contribution
• Employee Assistance Program
• Paid Vacation, Sick, Floating Holidays and Volunteer Time Off
• Paid Holidays
• Tuition Reimbursement
• Paid Parental Leave