About The Position

As the Principal Security Engineer, you will be the principal technical leader defining how users interact with our platforms. You will architect scalable solutions to manage the identity lifecycle for a diverse user base (employees, contingent workers, and customers) across our on-premise and SaaS applications. Your goal is to define standards for a secure, frictionless experience, such as Single Sign-On (SSO), passwordless authentication, and API authentication, while adhering to strict data privacy regulations (FERPA, GDPR, COPPA).

Requirements

  • Experience: 7+ years in IT/Security, with at least 4 years focusing on Identity and Access Management (IAM) architecture.
  • Platform Expertise: Deep hands-on experience with modern IDP & PAM solutions (e.g., Okta, Ping Identity, Microsoft Entra ID/Azure AD, CyberArk, BeyondTrust, etc.).
  • Technical Skills: Proficiency in directory services (LDAP, AD) and scripting languages (PowerShell, Python) for automation.
  • Protocol Knowledge: Exceptional understanding of TLS, SSO, Federation, SAML, OAuth2, and OIDC protocols.
  • Education: Bachelor’s degree in Computer Science, Information Technology, or equivalent experience.

Nice To Haves

  • Compliance: Familiarity with student data privacy regulations (FERPA, COPPA).
  • Zero Trust: Experience implementing Zero Trust architecture principles.
  • Certifications: CAIM, CAMS, CISSP, CISM, or vendor-specific certifications (e.g., Okta Certified Architect).

Responsibilities

  • Identity Strategy & Architecture: Architect and maintain the target-state architecture for internal workforce identity and help redesign customer-facing (CIAM) as appropriate.
  • Secure Access & Authentication: Architect secure, modern authentication protocols (SAML, OAuth2, OIDC, FIDO2) and fortify phishing-resistant MFA.
  • Identity Lifecycle Automation: Collaborate with IAM team to design automated provisioning, maintenance, and deprovisioning processes (SCIM) to handle high-volume user onboarding/offboarding.
  • Integration: Drive the integration of our privileged identity platform with brand Active Directories, cloud and on-prem platforms, and third-party applications such as Salesforce and Workday, as well as the architecture of an API gateway.
  • Governance & Compliance: Define RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) models to ensure compliance with student data privacy laws (e.g., FERPA, GDPR).
  • Mentorship: Act as a subject matter expert and mentor engineers on identity-first security best practices.

Benefits

  • Remote First approach gives employees the flexibility and trust they need to effectively balance work with life.
  • Cambium offers reimbursement to help cover the cost of setting up your home or remote office.
© 2024 Teal Labs, Inc