Principal Authentication Services Engineer

About The Position

Requirements

• Bachelor’s degree or higher (completed and verified prior to start)
• Eight (8) years of experience designing, deploying, and managing enterprise Identity and Access Management (IAM) authentication solutions (e.g., Entra ID, Ping Identity, Active Directory) in a private, public, government or military environment
• Five (5) years of experience working with modern authentication protocols, including SAML, OAuth 2.0, OpenID Connect (OIDC), and FIDO2 in a private, public, government or military environment
• Five (5) years of experience leading complex architectural initiatives, conditional access hardening, or Zero Trust security programs in a private, public, government or military environment
• Must be legally authorized to work in the country of employment without sponsorship for employment visa status (e.g., H1B)
• All US-based 3M full time employees will need to sign an employee agreement as a condition of employment with 3M
• Provide education and work history, either by uploading a resume, or entering the information into the application fields directly

Responsibilities

• Own the engineering design, implementation, and operational health of Microsoft Entra ID, Active Directory, and federated identity services across the enterprise
• Architect and maintain SSO integrations (SAML, OIDC, OAuth 2.0) across SaaS, on-prem, and hybrid application portfolios
• Engineer and manage MFA policies, authentication method configurations, and phishing-resistant credential adoption (FIDO2, Windows Hello for Business, certificate-based auth)
• Lead Conditional Access policy development, testing, and lifecycle governance
• Define authentication standards, patterns, and reference architectures for new and existing applications -- and own keeping them current
• Evaluate emerging authentication technologies and drive proof-of-concept efforts that inform roadmap decisions
• Maintain technical documentation including architecture diagrams, decision records, and runbooks
• Partner with Security Architecture to align authentication controls with Zero Trust principles and enterprise security policy
• Support audit and compliance activities by providing technical evidence, control narratives, and remediation guidance
• Identify gaps in authentication posture and lead engineering remediation efforts
• Serve as escalation point for complex authentication incidents and engineering challenges
• Mentor and uplift mid-level engineers on the Authentication Services team
• Engage with application teams, infrastructure engineering, and security operations as a trusted IAM authority
• Comply with corporate policies, procedures and security standards while performing assigned duties
• Contribute to a strong Environmental Health and Safety (EHS) culture by following safety policies, identifying hazards, and engaging in continuous improvement

Benefits

• Many programs to help you live your best life – both physically and financially
• Competitive pay and benefits (benchmarked with other companies that are comparable in size and scope)
• Medical
• Dental & Vision
• Health Savings Accounts
• Health Care & Dependent Care Flexible Spending Accounts
• Disability Benefits
• Life Insurance
• Voluntary Benefits
• Paid Absences
• Retirement Benefits
• Relocation Assistance (May be authorized)