Cambium Learning Group is seeking a Principal Security Engineer for Identity & Access Management. In this role, you will be the principal technical leader responsible for architecting scalable identity solutions and ensuring secure access across various platforms while adhering to data privacy regulations.
Responsibilities:
- Architect and maintain the target-state architecture for internal workforce identity and help redesign customer-facing identity (CIAM) as appropriate
- Architect secure, modern authentication protocols (SAML, OAuth2, OIDC, FIDO2) and fortify phishing-resistant MFA
- Collaborate with IAM team to design automated provisioning, maintenance, and deprovisioning processes (SCIM) to handle high-volume user onboarding/offboarding
- Drive the integration of our privileged identity platform with brand Active Directories, cloud and on-prem platforms, and third-party applications such as Salesforce and Workday, as well as the architecture of an API gateway
- Define RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) models to ensure compliance with student data privacy laws (e.g., FERPA, GDPR)
- Act as a subject matter expert and mentor engineers on identity-first security best practices
Requirements:
- 7+ years in IT/Security, with at least 4+ years focusing on Identity and Access Management (IAM) architecture
- Deep hands-on experience with modern IDP & PAM solutions (e.g., Okta, Ping Identity, Microsoft Entra ID/Azure AD, CyberArk, BeyondTrust, etc.)
- Proficiency in directory services (LDAP, AD) and scripting languages (PowerShell, Python) for automation
- Exceptional understanding of TLS, SSO, Federation, SAML, OAuth2, and OIDC protocols
- Bachelor's degree in Computer Science, Information Technology, or equivalent experience
- Familiarity with student data privacy regulations (FERPA, COPPA)
- Experience implementing Zero Trust architecture principles
- CAIM, CAMS, CISSP, CISM, or vendor-specific certifications (e.g., Okta Certified Architect)