Principal Security Engineer - IAM
Operations - Raleigh - Creedmoor Rd, United States
SECU
As the second largest credit union in the United States, we provide financial tools, services, and community support to more than 2.8 million members. If you are motivated and believe in the credit union philosophy of "People Helping People," join our team!
Position Overview:
The Principal Security Engineer - IAM is a strategic and technical authority responsible for driving the vision, design, and evolution of SECU’s Identity and Access Management (IAM) program.
This role serves as a distinguished SME and advisor, leading enterprise-wide initiatives to enhance Privileged Access Management (PAM), Single Sign-On (SSO), Identity Governance and Administration (IGA), Multi-Factor Authentication (MFA), Active Directory (AD), Customer Identity and Access Management (CIAM), and other IAM solutions.
As a principal engineer, this individual will design and implement cutting-edge IAM frameworks, develop automation strategies, and ensure alignment with security, compliance, and regulatory requirements. They will partner with architects, senior leadership, security teams, and business units to help define IAM roadmaps, mitigate identity risks, and drive innovation in identity security.
This role will also provide technical mentorship, thought leadership, and influence across the organization, ensuring IAM best practices are embedded in enterprise security strategy. The Principal Cyber Security Engineer will lead cross-functional IAM initiatives, collaborate with industry peers, and contribute to long-term cybersecurity resilience.
The principal engineer may be required, based on the overall size and available competencies within the IAM team, to assume responsibility for certain functions that would normally be addressed by other roles in larger enterprises.
Responsibilities:
- (30%) Facilitate and lead efforts to design, plan, enhance, and test all IAM technologies used throughout SECU, including capacity planning for future systems requirements and new technology.
- (30%) Drive collaboration with cross-functional teams and leadership to ensure technology security solutions are in alignment with organizational strategic goals.
- (10%) Lead governance and compliance initiatives to develop and maintain security standards in compliance with regulations and best practices.
- (10%) Stay abreast of emerging trends, technologies, and best practices in cybersecurity. Evaluate new tools and methodologies, pilot innovative solutions, and drive continuous improvement initiatives within cybersecurity.
- (10%) Serve as an escalation resource for technical support of information security technologies providing expert problem analysis and resolution.
- (10%) Provide mentorship, coaching, and guidance to junior and mid-level cybersecurity engineers including certification guidance. Foster a culture of collaboration, knowledge sharing, and continuous improvement within the cybersecurity team.
- Responsibilities will include participation in special assignments and cross-functional initiatives as required.
Required Education & Experience (Knowledge, Skills, & Abilities):
- Candidate must live in North Carolina or a contiguous state.
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field.
- Additional 5 years of relevant experience can be considered in lieu of a degree.
- Minimum 10 years of experience in related field.
- IAM Solutions
  - Mastery of three or more IAM solutions such as PAM, SSO, Directory Services, IGA, CIAM, and MFA.
  - Experience in designing and implementing advanced integrations between multiple IAM solutions.
  - Knowledge and experience with cloud directories such as Entra ID, AWS Directory Service, and Google Cloud Identity.
  - Experience with hybrid IAM environments and cloud-to-cloud identity integration.
  - Advanced experience with APIs and understanding of how they are used to integrate IAM systems with other applications.
- Authentication and Authorization Protocols
  - Mastery of authentication and authorization protocols such as OAuth 2.0, OIDC (OpenID Connect), SAML (Security Assertion Markup Language), LDAP (Lightweight Directory Access Protocol), Kerberos, and XACML (eXtensible Access Control Markup Language).
- IAM Governance and Compliance
  - Experience with and implementation of IAM governance frameworks and standards such as NIST, ISO 27001, SOX, and GDPR.
  - Experience with audit and compliance reporting.
- User Lifecycle Management
  - Experience in designing and implementing provisioning and de-provisioning processes for user accounts, including Joiner-Mover-Leaver (JML) processes.
  - Experience in designing and automating user lifecycle management using tools such as PowerShell, Python, or IAM orchestration tools.
  - Experience in designing and implementing Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).
- Security and Risk Management
  - Understanding of IAM’s role in broader security frameworks and risk management.
  - Experience in threat modeling and risk assessment related to identity and access.
- Incident Response and Forensics
  - Ability to support IAM-related incident response efforts, including identifying and mitigating identity-based security incidents.
  - Experience with forensic analysis related to identity breaches.
- Automation and Scripting
  - Ability to leverage and understand scripting languages such as Python, PowerShell, or Bash for automating tasks.
  - Knowledge of Infrastructure as Code (IaC) tools such as Ansible, Azure Resource Manager, and Terraform for IAM automation.
- Collaboration and Leadership
  - Experience in participating in cross-functional teams in IAM initiatives.
  - Ability to collaborate with security, IT operations, developers, and business stakeholders to align IAM solutions with organizational goals.
  - Experience facilitating engineering design and deployment of IAM solutions across multiple technologies and functional areas.
- Problem-Solving and Analytical Skills
  - Advanced problem-solving skills for troubleshooting and resolving IAM issues.
  - Analytical skills for identifying patterns and improving IAM processes.
Preferred Education & Experience (Knowledge, Skills, & Abilities):
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field.
- 10+ years of direct experience preferred.
- Professional certifications such as: CISSP, CISA, CISM, GIAC, CGEIT, CRISC, OSCE, or other relevant industry certification and/or desire to obtain such certifications.
- Experience working within a DevOps environment.
- Experience in managing IAM projects from inception to delivery.
- Experience with FFIEC audit guidelines for banking regulators.
Work Environment & Physical Requirements:
- Computer use for prolonged periods.
SECU provides equal employment opportunity to all qualified persons regardless of race, color, religion, age, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or other classification protected by law.
Disclaimer
State Employees' Credit Union reserves the right to fill this role at a higher/lower level based on business need.