Security Engineer II

About The Position

Requirements

• Bachelor’s degree required in Computer Science, Cybersecurity, Engineering, or related field.
• 4-5 years of hands-on cybersecurity engineering experience with exposure to IAM.
• 4+ years of relevant work experience in security engineering, with a focus on concepts and technologies in Identity & Access Management (IAM) like SailPoint, Delinea, CyberArk, Entra ID, Ping Identities
• 2+ years of relevant work experience with Identity and Access Management solutions, including the implementation and configuration of solutions for Single Sign-On (SSO), Multifactor Authentication (MFA), and various identity integration protocols (SAML, OIDC).
• Experience building and maintaining SailPoint connectors, aggregation and provisioning jobs, roles/entitlements, and workflows for HR-driven JML processes.
• Experience administering Microsoft Entra ID, including users, groups, roles, app registrations, and enterprise applications.
• Working knowledge of solutions for Identity Governance and Administration, Privileged Access Management, and access control models such as RBAC, ABAC, PBAC, and FGAC
• Working knowledge of cloud-based Identity Providers, access controls, and hybrid federated IAM architectures.
• Experience in designing, configuring, and administering SailPoint Identity Security Cloud for identity lifecycle, access request, certifications, and policy/SoD controls.
• Strong knowledge and experience with Microsoft Active Directory (AD) Domain Services, management of AD users and security groups, and security best practices for configuring AD infrastructure, policies, group policy objects.
• Experience with implementing access control mechanisms, such as authentication policies, identity lifecycle management (provisioning, deprovisioning), and methods for authorization management.
• Strong skills in developing visual design documentation (Visio, Lucid), oral presentation skills, problem solving / critical thinking, and decision-making skills.
• Strong verbal and written communication skills.
• Ability to facilitate productive meetings and work comfortably in a team-oriented environment.
• Ability to work collaboratively with senior engineers, IT teams, and other stakeholders to achieve shared goals.
• Effective written and verbal communication skills, with the ability to explain technical concepts to non-technical audiences.
• Ability to leverage communication skills to ensure a strong commitment to customer service.
• Attention to detail and consideration of the non-technical components necessary for successfully executing projects and initiatives.
• Ability to balance multiple competing prioities in a fast-paced environment.
• Comfortable with executing workstreams independently with a positive and self-motivated drive.
• Exercise sound judgement in complex situations.
• Commitment to staying current with industry trends and pursuing relevant certifications and training.
• Willingness to travel occasionally

Nice To Haves

• Any Certified Information Systems Security Professional (CISSP), CompTIA Security+, Certified Identity and Access Manager (CIAM), or similar advanced cloud security certifications preferred.

Responsibilities

• Support enterprise IAM solutions that collectively deliver single sign-on (SSO), multifactor authentication (MFA), identity governance and administration, and privileged access management for all types of identities, including on-premises, hybrid, cloud-only, non-human (service accounts), and application-based credentials (API keys, tokens).
• Engineer and operate IGA capabilities, including joiner‑mover‑leaver workflows, access request and approval, automated provisioning/de‑provisioning, and role‑based access control (RBAC/ABAC)
• Implement and manage PAM platforms for privileged account onboarding, credential vaulting, password rotation, session monitoring/recording, and just‑in‑time (JIT) elevation.
• Design and implement identity and access controls for AI agents and non-human identities (service accounts, bots, APIs, workloads), including lifecycle management, secrets management, least-privilege roles, and monitoring of machine-to-machine access in alignment with Zero Trust principles.
• Monitor identity and privileged access activities, analyze logs and alerts, and support incident response and forensic investigations related to compromised identities or misuse of privilege.
• Support audit, compliance, and certification efforts by providing evidence, improving control design, and remediating findings related to IAM, IGA, and PAM.
• Troubleshoot complex IAM/IGA/PAM issues, perform root cause analysis, and drive continuous improvement and modernization of identity platforms.
• Collaborate with security architecture, infrastructure, application, and DevOps teams to embed identity security and Zero Trust principles in new solutions and strategic programs.
• Document architectures, standards, runbooks, and knowledge articles, and provide guidance and training to operations and application teams on identity security best practices
• Participate in Proof of Concepts and product evaluations of new and emerging Identity security services and technologies.
• May provide mentorship and support to various junior security engineers and security operations team members.

Benefits

• Medical
• Dental
• Vision coverage
• 401(k) Retirement Plan with a $1 for $1 Company Match up to 5%
• Paid Parental Leave
• Associate Assistance Plan
• Education Assistance Program
• up to $30,000 in Adoption Assistance
• up to three weeks of vacation annually
• Holiday Leave
• Sick Leave
• Personal Day policies
• New Hire Referral Bonus Program
• Home Purchase Discounts