Overview
Job Details
Principal Engineer, Identity Services - Direct-Hire/FTE - Remote (US)
Title: Principal Engineer, Identity Services
Location: Remote (US)
Compensation: $200-240K Annual Salary
Work Requirements: Holders or Authorized to Work in the U.S.
JOB DESCRIPTION: Principal Engineer, Identity Services
Location: US Remote
Division: Tech Ops
Line Manager: Manager, Identity Services
THE TEAM:
The Identity Services team is responsible for all things Identity and Access Management (IAM) within the company, with a core focus on enabling appropriate administrative access to production and production-adjacent services. The scope of responsibility includes Active Directory, ADFS, Okta, Adaxes, bastion and jumpbox implementations, multi-factor authentication, security keys, and various other access solutions. As part of the organization's broader security transformation initiative, this team plays a critical role in implementing Zero Trust principles and securing our digital ecosystem, with particular emphasis on protecting privileged access pathways and ensuring that production access follows least privilege principles.
THE JOB:
As a Principal Security Engineer on the Identity Services team, you will report directly to the Identity Services Manager with a dotted line to the Director of Infrastructure Security Engineering. This role is critical to the organization's security transformation initiative. While maintaining operational excellence of identity services, you will drive security-first architecture decisions, implement Zero Trust principles, and serve as the identity security subject matter expert for the enterprise.
Your role is to lead the formation of technical strategy and assist in both planning and implementing work related to IAM services supported by the team, with particular emphasis on securing and managing administrative access to production systems. You will lead overall identity strategy improvements with a focus on security, functionality, features, and ease of use for production access workflows. You will be responsible for designing, implementing, and maintaining robust identity and access management (IAM) solutions that ensure appropriate administrative access to production and production-adjacent services while applying least privilege principles and maintaining operational efficiency.
The ideal candidate will have deep experience with identity and access management frameworks, hands-on experience with IAM technologies, and a strong understanding of security protocols, compliance standards, and cloud environments. You are an IAM guru who will be supporting a high-volume 24x7 production environment while driving strategic security improvements. You will provide technical mentorship and guidance to junior team members, write tools to automate routine and complex tasks, and troubleshoot application and infrastructure issues. The position includes collaboration with various teams to design a scalable and supportable service-oriented architecture.
WHAT YOU WILL BE DOING
Work Distribution:
- Tactical Work (15%): Critical operations support, incident response, and implementation of urgent security fixes. This includes hands-on coding, debugging, and deploying fixes when necessary.
- Security Architecture (35%): Design architectures that enable seamless integration and consumption of secure identity services. Conduct security reviews, implement Zero Trust design patterns, and lead PAM implementation. This involves creating documentation, diagrams, and proof-of-concepts.
- Strategic Work (50%): Participate in planning sessions, roadmap discussions, and architecture reviews. Lead identity security transformation initiatives and establish enterprise identity strategy aligned with business objectives.
- Design and implement Zero Trust identity architecture for production access, aligned with enterprise security strategy
- Develop identity security roadmap for production and administrative access aligned with TM Security Program objectives
- Lead privileged access management (PAM) strategy and implementation for production systems
- Establish security metrics and KPIs for production access and privileged identity services
- Lead threat modeling exercises for production access pathways and identity infrastructure
- Design break-glass procedures and secure emergency access patterns for production incidents.
- Implement just-in-time access controls and temporary privilege escalation workflows
- Design and implement secure production access patterns including just-in-time access and privilege escalation workflows
- Conduct security reviews of authentication/authorization patterns across production systems, and propose improved patterns
- Plan implementation of authorization patterns aligned to Infrastructure Architecture and Security, with emphasis on production access controls
- Develop and maintain bastion host and jumpbox architectures for secure production access
- Implement automation & IaC solutions with security-first principles for production access management
- Design robust highly scalable architecture for IAM solutions supporting 24x7 production operations
- Partner with Infrastructure Security Engineering team on identity-based security controls
- Work closely with Infrastructure Security Engineering team on security initiatives
- Drive remediation of identity-related security findings from audits and assessments
- Collaborate with the organization's InfoSec on enterprise identity requirements
- Support security incident response with identity expertise
- Implement preventative measures to reduce identity-related security incidents
- Develop and maintain incident response runbooks for identity services
- Conduct tabletop exercises for identity-related security scenarios
- Proactively identify and address stability, capacity, and performance concerns
- Provide subject matter expertise for IAM technologies
- Exercise independent judgment in methods, techniques, and evaluation criteria for obtaining results
- Provide mentorship and coaching to junior team members
- Complete assigned project related work from Jira tickets following Scaled Agile Framework (SAFe) methodology
- Check in code for infrastructure build, automation, & tests to version control repository (GitLab)
- Support PCI / security compliance requirements (upgrades, defect management, etc.)
- Regularly work with Jira, GitLab, Prometheus, Grafana, Splunk
- Participate in on-call and potentially some after-hours support as required
WHAT YOU NEED TO KNOW (or TECHNICAL SKILLS/COMPETENCIES)
- Microsoft Active Directory (and related components such as Group Policy, ADFS, LDAP, AD integrated DNS) expertise
- Okta identity solution platform - advanced configuration and security hardening
- Zero Trust architecture principles and implementation experience
- Privileged Access Management (PAM) solutions and strategies
- Two-factor authentication best practices, and hardware key management (we use YubiKey)
- OAuth/OIDC/SAML authentication protocols and security implications
- Identity lifecycle management (provisioning, deprovisioning) and integration with systems
- Adaxes unified Active Directory management platform
- Jumpbox / bastion host access management practices
- Security frameworks and threat modeling methodologies
- DevOps and SRE: Experience with GitLab, CI/CD tooling, Monitoring and Alerting, and SRE practices
- Compliance and Security: Understanding of PCI Compliance and Security Best Practices
- Software Engineering: Desired experience in software development, including but not limited to coding in languages like Python, Java, or Go, understanding of software design patterns, and experience with code reviews and version control systems like Git
- Experience managing large-scale Linux (preferred) and/or Windows (bonus) infrastructure
- Cloud Expertise: Solid understanding of cloud services like AWS or Google Cloud Platform with security focus
- Agile Practices: Must have experience with Agile methodologies
- Experience working as a key contributor in a fully remote team
- Security-first mindset with the ability to balance security requirements with business needs
- Extremely knowledgeable on IAM and security-related subject matter
- Capable and comfortable working on highly strategic, complex, and high-risk undertakings
- Autonomous and proactive with strong initiative
- Passionate and self-starting, focused on iterative delivery and data-driven decision-making
- Problem-Solving: Exceptional ability to analyze complex issues, synthesize problem statements, and propose valuable solutions
- Communication: Excellent written and verbal communication skills, capable of facilitating cross-team collaboration and explaining security concepts to various audiences
- Comfortable with working in cross-functional and multidisciplinary teams
- Excited about taking on challenging technical problems and devising creative solutions
- Deeply concerned with the security and compliance implications of your services and solutions
- Ability to influence without authority and drive security improvements through collaboration
About INSPYR Solutions
Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients' business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.
INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.