Lead Security Engineer - IAM
Operations - Raleigh - Creedmoor Rd, United States
SECU
As the second largest credit union in the United States, we provide financial tools, services, and community support to more than 2.8 million members. If you are motivated and believe in the credit union philosophy of "People Helping People," join our team!
Position Overview:
The Lead Security Engineer - IAM is a highly experienced technical leader responsible for shaping the vision, strategy, and execution of SECU’s Identity and Access Management (IAM) program.
This role serves as a trusted SME and thought leader, driving the design, implementation, and optimization of Privileged Access Management (PAM), Single Sign-On (SSO), Identity Governance and Administration (IGA), Multi-Factor Authentication (MFA), Active Directory (AD), Customer Identity and Access Management (CIAM), and other IAM technologies.
As a senior-level engineer, this individual will develop scalable IAM solutions, integrate advanced automation capabilities, and ensure compliance with regulatory and security standards. They will collaborate closely with architecture, cybersecurity, IT, and business leaders to align IAM initiatives with enterprise security objectives, proactively identifying and mitigating identity-related risks.
Additionally, this role will be responsible for mentoring and guiding junior engineers, leading complex IAM projects, and influencing IAM policies and best practices to enhance the overall cybersecurity posture.
Responsibilities:
- (30%) Implement and manage Security solutions. Drive planning, deployment, change management, documentation, and training to enhance SECU's security posture.
- (25%) Optimize Security tools and processes. Lead the configuration, tuning, and integration of security tools with enterprise systems while evaluating vendor offerings and new tools to improve responsiveness.
- (15%) Work cross-functionally with IT and business teams to enhance operations and efficiency. Identify and recommend improvements for documentation, cost savings, service quality, and operational efficiency.
- (10%) Ensure governance and compliance. Oversee adherence to security standards and regulations by participating in assessments, remediation activities, and compliance initiatives.
- (10%) Participate in on-call rotation and serve as a resource for technical support of information security technologies, mentor junior engineers, and act as an escalation point for technical issues.
- (10%) Pursue and maintain additional skills and certifications commensurate with the role to remain current on advancing cyber security trends.
- Responsibilities will include participation in special assignments and cross-functional initiatives as required.
Required Education & Experience (Knowledge, Skills, & Abilities):
- Candidate must live in North Carolina or contiguous state.
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field.
- Additional 4 years of relevant experience can be considered in lieu of degree.
- Minimum 7 years of experience in related field.
- Primary IAM Solution Experience
  - Advanced skills implementing and supporting
- General IAM Solutions
  - Advanced skills for implementing and supporting three or more IAM solutions such as PAM, SSO, Directory Services, IGA, CIAM, and MFA.
  - Experience in designing and implementing integrations between multiple IAM solutions.
  - Knowledge of and experience with cloud directories such as Entra ID, AWS Directory Service, and Google Cloud Identity.
  - Knowledge of hybrid IAM environments and cloud-to-cloud identity integration.
  - Experience with APIs and understanding of how they are used to integrate IAM systems with other applications.
- Authentication and Authorization Protocols
  - Proficiency with authentication and authorization protocols such as OAuth 2.0, OIDC (OpenID Connect), SAML (Security Assertion Markup Language), LDAP (Lightweight Directory Access Protocol), Kerberos, and XACML (eXtensible Access Control Markup Language).
- IAM Governance and Compliance
  - Familiarity with IAM governance frameworks and standards such as NIST, ISO 27001, SOX, and GDPR.
  - Experience with audit and compliance reporting.
- User Lifecycle Management
  - Proficient in provisioning and de-provisioning user accounts, including Joiner-Mover-Leaver (JML) processes.
  - Experience with automation of user lifecycle management using tools such as PowerShell, Python, or IAM orchestration tools.
  - Experience in implementation of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).
- Security and Risk Management
  - Understanding of IAM’s role in broader security frameworks and risk management.
  - Experience in threat modeling and risk assessment related to identity and access.
- Incident Response and Forensics
  - Ability to support IAM-related incident response efforts, including identifying and mitigating identity-based security incidents.
  - Experience with forensic analysis related to identity breaches.
- Automation and Scripting
  - Ability to leverage and understand scripting languages such as Python, PowerShell, or Bash for automating tasks.
- Collaboration and Leadership
  - Experience in participating in cross-functional teams in IAM initiatives.
  - Ability to collaborate with security, IT operations, developers, and business stakeholders to align IAM solutions with organizational goals.
- Problem-Solving and Analytical Skills
  - Proficient problem-solving skills for troubleshooting and resolving IAM issues.
  - Analytical skills for identifying patterns and improving IAM processes.
Preferred Education & Experience (Knowledge, Skills, & Abilities):
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field.
- Preferred 7+ direct years of experience.
- Professional certifications such as: CISSP, CISA, CISM, GIAC, CGEIT, CRISC, OSCE, or other relevant industry certification and/or desire to obtain such certifications.
- Experience working within a DevOps environment.
- Experience in managing IAM projects from inception to delivery.
- Experience with FFIEC audit guidelines for banking regulators.
Work Environment & Physical Requirements:
- Computer for prolonged periods
SECU provides equal employment opportunity to all qualified persons regardless of race, color, religion, age, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or other classification protected by law.
Disclaimer
State Employees' Credit Union reserves the right to fill this role at a higher/lower level based on business need.