Principal Security Engineer, IAM

Job#: 3019282

Job Description:

Location: This role is open to remote work for candidates based in the United States.

About the opportunity:

We are seeking a Security Engineer with strong expertise inIdentity and Access Management (IAM)to support and secure aFedRAMP ATO-authorized environment. The ideal candidate has hands-on experience designing, implementing, and operating Privileged Access Management (PAM)andIdentity Governance & Administration (IGA)solutions while ensuring compliance withNIST 800-53 Moderate controls.

This role requires deep technical skills in Delinea PAM, One Identity IGA, Microsoft Entra ID, Azure Automation and automation using PowerShell, calling API's and modern scripting languages to support secure, scalable, and compliant cloud environments.

Key Responsibilities:

Identity & Access Management

• Design, implement, and maintain Delinea PAM solutions for privileged account discovery, credential vaulting, session management, and just-in-time access.
• Implement and support One Identity IGA for identity lifecycle management, access requests, approvals, certifications, and role-based access control.
• Design, develop, and maintain API integrations between IAM platforms (Delinea PAM, One Identity IGA, Microsoft Entra ID) and non-identity systems, including ServiceNow, SIEM/SOAR platforms, and other enterprise applications.
• Manage and secure identities in Microsoft Entra ID (Azure AD), including:
  • Conditional Access policies
  • MFA and passwordless authentication
  • Privileged Identity Management (PIM)
  • External and workforce identities

Security Engineering & Automation

• Develop and maintain PowerShell automation for IAM, PAM, and compliance workflows.
• Create scripts and tools using Python, Bash, or other modern languages to integrate security platforms and automate controls.
• Integrate IAM solutions with cloud platforms, SaaS applications, and on-prem systems.
• Support secure API integrations and identity federation (SAML, OAuth 2.0, OIDC).
• Automate identity lifecycle, access requests, approvals, provisioning, and deprovisioning workflows using REST APIs, webhooks, and scripted integrations.

FedRAMP & Compliance

• Implement and operate security controls aligned with NIST 800-53 Moderate.
• Support FedRAMP ATO audits, assessments, and continuous monitoring activities.
• Produce and maintain technical documentation, SOPs, and evidence artifacts.
• Participate in vulnerability remediation, access reviews, and incident response related to identity security.
• Ability to obtain and maintain Public Trust clearance

Skills and experience we value:

5+ years engineering experience with IAM capabilities / technologies such as IGA,

PAM, and IAM

Familiarity with Proofpoint email security platforms, including identity-based threat

protection and user risk signals.

Experience implementing and managing FIDO2 / hardware security keys (e.g.,

YubiKeys) for phishing-resistant authentication.

Expert knowledge and hands-on technical experience with MS Entra,

Onprem Delinea PAM, IAM, and One Identity IGA solutions

Expert knowledge and hands-on technical experience with automation calling API's

Expert knowledge of SSO, MFA, RBAC, MS Entra PIM

Highly proficient in automation scripting languages such as PowerShell

Superior communication skills (written and verbal) with an ability to articulate

complex topics in a business understandable manner at all levels in an enterprise

Ability to prioritize workload and consistently meet deadlines in a fast-paced

environment

Certifications such as CISSP, Cloud Security (CCSP, CCSK, AZ-305, AZ-500) are

highly desirable

Bachelor's degree is a plus

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click for more details.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.