Principal Authentication Services Engineer

About The Position

Requirements

• Bachelor’s degree or higher (completed and verified prior to start)
• Eight (8) years of experience designing, deploying, and managing enterprise Identity and Access Management (IAM) authentication solutions (e.g., Entra ID, Ping Identity, Active Directory) in a private, public, government or military environment
• Five (5) years of experience working with modern authentication protocols, including SAML, OAuth 2.0, OpenID Connect (OIDC), and FIDO2 in a private, public, government or military environment
• Five (5) years of experience leading complex architectural initiatives, conditional access hardening, or Zero Trust security programs in a private, public, government or military environment
• Must be legally authorized to work in the country of employment without sponsorship for employment visa status (e.g., H1B)

Responsibilities

• Own the engineering design, implementation, and operational health of Microsoft Entra ID, Active Directory, and federated identity services across the enterprise
• Architect and maintain SSO integrations (SAML, OIDC, OAuth 2.0) across SaaS, on-prem, and hybrid application portfolios
• Engineer and manage MFA policies, authentication method configurations, and phishing-resistant credential adoption (FIDO2, Windows Hello for Business, certificate-based auth)
• Lead Conditional Access policy development, testing, and lifecycle governance
• Define authentication standards, patterns, and reference architectures for new and existing applications -- and own keeping them current
• Evaluate emerging authentication technologies and drive proof-of-concept efforts that inform roadmap decisions
• Maintain technical documentation including architecture diagrams, decision records, and runbooks
• Partner with Security Architecture to align authentication controls with Zero Trust principles and enterprise security policy
• Support audit and compliance activities by providing technical evidence, control narratives, and remediation guidance
• Identify gaps in authentication posture and lead engineering remediation efforts
• Serve as escalation point for complex authentication incidents and engineering challenges
• Mentor and uplift mid-level engineers on the Authentication Services team
• Engage with application teams, infrastructure engineering, and security operations as a trusted IAM authority.
• Responsibilities of this position include that corporate policies, procedures and security standards are complied with while performing assigned duties.
• Safety is a core value at 3M. All employees are expected to contribute to a strong Environmental Health and Safety (EHS) culture by following safety policies, identifying hazards, and engaging in continuous improvement.

Benefits

• Medical, Dental & Vision
• Health Savings Accounts
• Health Care & Dependent Care Flexible Spending Accounts
• Disability Benefits
• Life Insurance
• Voluntary Benefits
• Paid Absences
• Retirement Benefits