Security Engineer Identity & Access Management
Cambium Learning Group
Dallas, United States of America
yesterday
Role details
Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Intermediate
Job location: Remote; Dallas, United States of America
Tech stack
Computing Platforms
User Authentication
Authentication Protocols
Cloud Computing
Identity and Access Management
Python
Lightweight Directory Access Protocols (LDAP)
OAuth
OpenID
Ping (Networking Utility)
PowerShell
Role-Based Access Control
Azure
Phishing
Zero Trust Network Access
Salesforce
Security Assertion Markup Language (SAML)
Scripting (Bash/Python/Go/Ruby)
Okta
CyberArk
Customer Identity Access Management
Information Technology
API Gateway
Workday
Job description
- Identity Strategy & Architecture: Architect and maintain the target-state architecture for internal workforce identity and help redesign customer-facing identity (CIAM) as appropriate.
- Secure Access & Authentication: Architect secure, modern authentication protocols (SAML, OAuth2, OIDC, FIDO2) and fortify phishing-resistant MFA.
- Identity Lifecycle Automation: Collaborate with the IAM team to design automated provisioning, maintenance, and deprovisioning processes (SCIM) to handle high-volume user onboarding/offboarding.
- Integration: Drive the integration of our privileged identity platform with brand Active Directories, cloud and on-prem platforms, and third-party applications such as Salesforce and Workday, as well as the architecture of an API gateway.
- Governance & Compliance: Define RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) models to ensure compliance with student data privacy laws (e.g., FERPA, GDPR).
- Mentorship: Act as a subject matter expert and mentor engineers on identity-first security best practices.
Requirements
- Experience: 7+ years in IT/Security, with at least 4 years focusing on Identity and Access Management (IAM) architecture.
- Platform Expertise: Deep hands-on experience with modern IDP & PAM solutions (e.g., Okta, Ping Identity, Microsoft Entra ID/Azure AD, CyberArk, BeyondTrust, etc.).
- Technical Skills: Proficiency in directory services (LDAP, AD) and scripting languages (PowerShell, Python) for automation.
- Protocol Knowledge: Exceptional understanding of TLS, SSO, Federation, SAML, OAuth2, and OIDC protocols.
- Education: Bachelor's degree in Computer Science, Information Technology, or equivalent experience.
Preferred Qualifications:
- Compliance: Familiarity with student data privacy regulations (FERPA, COPPA).
- Zero Trust: Experience implementing Zero Trust architecture principles.
- Certifications: CAIM, CAMS, CISSP, CISM, or vendor-specific certifications (e.g., Okta Certified Architect).
If you will be working remotely, either occasionally or on a permanent basis, you must have a reliable internet connection through a cable or fiber-optic broadband service with minimum speeds of 10 Mbps download and 5 Mbps upload.