Security Engineer – IAM

If you are motivated and believe in the credit union philosophy of "People Helping People," join our team!

Position Overview:

The Security Engineer – IAM is a mid-level role responsible for enhancing and evolving SECU’s IAM practices, processes, and solutions.

This individual will serve as a key technical resource, providing operational support, management, implementation, and strategic development of IAM solutions, including Privileged Access Management (PAM), Single Sign-On (SSO), Identity Governance and Administration (IGA), Multi-Factor Authentication (MFA), Active Directory (AD), Customer Identity and Access Management (CIAM), and other IAM technologies.

The engineer will provide input and have some responsibility with designing and optimizing IAM frameworks, driving automation, and ensuring alignment with security best practices and compliance requirements.

Additionally, they will actively collaborate with cross-functional teams, mentor junior engineers, and work closely with key stakeholders to strengthen the adoption of IAM controls and solutions while contributing to the overall cybersecurity strategy.

Responsibilities:

• (30%) Perform operational support and maintenance of technical security solutions to enhance SECU’s security posture.
• (20%) Assist in the configuration and tuning of security tools and integrations with enterprise controls and tools.
• (20%) Participate in identification of service quality, documentation, and operational efficiency and improvement opportunities.
• (10%) Participate in on-call rotation and serve as a resource for technical support of information security technologies.
• (10%) Mentor and collaborate with junior engineers.

• (10%) Pursue and maintain additional skills and certifications commensurate with the role to remain current on advancing cyber security trends.

• Responsibilities will include participation in special assignments and cross-functional initiatives as required.

Required Education & Experience (Knowledge, Skills, & Abilities):

• Candidate must live in North Carolina or contiguous state.
• Bachelors degree in Computer Science, Information Technology, Cyber Security, or related field.
  • Additional 2 years of relevant experience can be considered in lieu of degree.
• Minimum 2 year of experience in related field.
• Primary IAM Solution Experience Required - CyberArk or comparable PAM solution
  • Experience implementing and configuring CyberArk components including PVWA, CPM, PSM, and Vaults
  • Basic troubleshooting of common end user issues including account onboarding/offboarding issues
  • Experience with user provisioning, onboarding, and password management
  • Knowledge of how to develop and maintain PAM policies and manage safes.
  • Knowledge of how to integrate CyberArk with SIEM integration and IAM solutions like SSO, Directory Services, and IGA.
  • Experience with reviewing CyberArk logs (Vault, CPM, PSM)
  • Understanding of integration with Active Directory for authentication
• General IAM Solutions
  • Experience supporting one or more IAM solutions such as PAM, SSO, Directory Services, IGA, CIAM, and MFA
• Understanding of IAM Concepts
  • Demonstrated experience and understanding of core IAM principles, such as authentication, authorization, provisioning, and access control.
  • Demonstrated experience and understanding of identity lifecycle management (creation, modification, and deletion of user accounts).
• Basic Programming/Scripting Skills
  • Ability to leverage and understand scripting languages such as Python, PowerShell, or Bash for automating tasks.
• User and Role Management
  • Experience in managing user accounts, groups, roles, and permissions within an IAM system.
• Security Awareness
  • Understanding of security principles, including least privilege, segregation of duties, and access reviews.
• Incident Response and Troubleshooting
  • Ability to investigate and resolve access-related issues and incidents.
  • Experience with IAM-related logs and monitoring tools for diagnosing and fixing issues.
  • Ability to identify discrepancies or potential security risks in access control settings.
• Communication Skills
  • Ability to document processes, policies, and procedures clearly and concisely.
  • Skills in communicating technical concepts to non-technical stakeholders.

Preferred Education & Experience (Knowledge, Skills, & Abilities):

• Bachelors degree in Computer Science, Information Technology, Cyber Security, or related field.
• Preferred 2-5 direct years of experience.
• Ability to manage role-based access control (RBAC) policies.
• Experience working in cross-functional teams, including IT, security, and compliance.
• Ability to collaborate with stakeholders to understand access requirements and implement them effectively.
• Experience working within a DevOps environment.
• Professional certifications such as: CISSP, CISA, CISM, GIAC, CGEIT, CRISC, OSCE, or other relevant industry certification and/or desire to obtain such certifications.

Work Environment & Physical Requirements:

*Note: “Working Conditions” or “ADA” – open to other language

• Computer for prolonged periods

SECU provides equal employment opportunity to all qualified persons regardless of race, color, religion, age, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or other classification protected by law.

Disclaimer

State Employees' Credit Union reserves the right to fill this role at a higher/lower level based on business need.