Principal Engineer, Identity Services

5 days ago Be among the first 25 applicants Get AI-powered advice on this job and more exclusive features. This range is provided by INSPYR Solutions. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more. Base pay range $200,000.00/yr - $240,000.00/yr Principal Engineer, Identity Services - Direct-Hire/FTE - Remote (US) Title: Principal Engineer, Identity ServicesLocation: Remote (US)Compensation: $200-240K Annual SalaryWork Requirements: US Citizen, GC Holders or Authorized to Work in the U.S. JOB DESCRIPTION: Principal Engineer, Identity Services Location: US Remote Division: Tech Ops Line Manager: Manager, Identity ServicesTHE TEAM:The Identity Services team is responsible for all things Identity and Access Management (IAM) within the company, with a core focus on enabling appropriate administrative access to production and production-adjacent services. The scope of responsibility includes Active Directory, ADFS, Okta, Adaxes, bastion and jumpbox implementations, multi-factor authentication, security keys, and various other access solutions. As part of the organization'sbroader security transformation initiative, this team plays a critical role in implementing Zero Trust principles and securing our digital ecosystem, with particular emphasis on protecting privileged access pathways and ensuring that production access follows least privilege principles.THE JOB:As a Principal Security Engineer on the Identity Services team, you will report directly to the Identity Services Manager with a dotted line to the Director of Infrastructure Security Engineering. This role is critical to the organization's security transformation initiative. While maintaining operational excellence of identity services, you will drive security-first architecture decisions, implement Zero Trust principles, and serve as the identity security subject matter expert for the enterprise.Your role is to lead the formation of technical strategy and assist in both planning and implementing work related to IAM services supported by the team, with particular emphasis on securing and managing administrative access to production systems. You will lead overall identity strategy improvements with a focus on security, functionality, features, and ease of use for production access workflows. You will be responsible for designing, implementing, and maintaining robust identity and access management (IAM) solutions that ensure appropriate administrative access to production and production-adjacent services while applying least privilege principles and maintaining operational efficiency.The ideal candidate will have deep experience with identity and access management frameworks, hands-on experience with IAM technologies, and a strong understanding of security protocols, compliance standards, and cloud environments. You are an IAM guru who will be supporting a high-volume 24x7 production environment while driving strategic security improvements. You will provide technical mentorship and guidance to junior team members, write tools to automate routine and complex tasks, and troubleshoot application and infrastructure issues. The position includes collaboration with various teams to design a scalable and supportable service-oriented architecture.WHAT YOU WILL BE DOINGWork Distribution: Tactical Work (15%): Critical operations support, incident response, and implementation of urgent security fixes. This includes hands-on coding, debugging, and deploying fixes when necessary. Security Architecture (35%): Design architectures that enable seamless integration and consumption of secure identity services. Conduct security reviews, implement Zero Trust design patterns, and lead PAM implementation. This involves creating documentation, diagrams, and proof-of-concepts. Strategic Work (50%): Participate in planning sessions, roadmap discussions, and architecture reviews. Lead identity security transformation initiatives and establish enterprise identity strategy aligned with business objectives. Principal Engineer, Identity Services - Direct-Hire/FTE - Remote (US) Title: Principal Engineer, Identity ServicesLocation: Remote (US)Compensation: $200-240K Annual SalaryWork Requirements: US Citizen, GC Holders or Authorized to Work in the U.S. JOB DESCRIPTION: Principal Engineer, Identity Services Location: US Remote Division: Tech Ops Line Manager: Manager, Identity ServicesTHE TEAM:The Identity Services team is responsible for all things Identity and Access Management (IAM) within the company, with a core focus on enabling appropriate administrative access to production and production-adjacent services. The scope of responsibility includes Active Directory, ADFS, Okta, Adaxes, bastion and jumpbox implementations, multi-factor authentication, security keys, and various other access solutions. As part of the organization'sbroader security transformation initiative, this team plays a critical role in implementing Zero Trust principles and securing our digital ecosystem, with particular emphasis on protecting privileged access pathways and ensuring that production access follows least privilege principles.THE JOB:As a Principal Security Engineer on the Identity Services team, you will report directly to the Identity Services Manager with a dotted line to the Director of Infrastructure Security Engineering. This role is critical to the organization's security transformation initiative. While maintaining operational excellence of identity services, you will drive security-first architecture decisions, implement Zero Trust principles, and serve as the identity security subject matter expert for the enterprise.Your role is to lead the formation of technical strategy and assist in both planning and implementing work related to IAM services supported by the team, with particular emphasis on securing and managing administrative access to production systems. You will lead overall identity strategy improvements with a focus on security, functionality, features, and ease of use for production access workflows. You will be responsible for designing, implementing, and maintaining robust identity and access management (IAM) solutions that ensure appropriate administrative access to production and production-adjacent services while applying least privilege principles and maintaining operational efficiency.The ideal candidate will have deep experience with identity and access management frameworks, hands-on experience with IAM technologies, and a strong understanding of security protocols, compliance standards, and cloud environments. You are an IAM guru who will be supporting a high-volume 24x7 production environment while driving strategic security improvements. You will provide technical mentorship and guidance to junior team members, write tools to automate routine and complex tasks, and troubleshoot application and infrastructure issues. The position includes collaboration with various teams to design a scalable and supportable service-oriented architecture.WHAT YOU WILL BE DOINGWork Distribution: Tactical Work (15%): Critical operations support, incident response, and implementation of urgent security fixes. This includes hands-on coding, debugging, and deploying fixes when necessary. Security Architecture (35%): Design architectures that enable seamless integration and consumption of secure identity services. Conduct security reviews, implement Zero Trust design patterns, and lead PAM implementation. This involves creating documentation, diagrams, and proof-of-concepts. Strategic Work (50%): Participate in planning sessions, roadmap discussions, and architecture reviews. Lead identity security transformation initiatives and establish enterprise identity strategy aligned with business objectives. Security Leadership Responsibilities: Design and implement Zero Trust identity architecture for production access, aligned with enterprise security strategy Develop identity security roadmap for production and administrative access aligned with TM Security Program objectives Lead privileged access management (PAM) strategy and implementation for production systems Establish security metrics and KPIs for production access and privileged identity services Lead threat modeling exercises for production access pathways and identity infrastructure Design break-glass procedures and secure emergency access patterns for production incidents. Implement just-in-time access controls and temporary privilege escalation workflows Security Architecture & Patterns: Design and implement secure production access patterns including just-in-time access and privilege escalation workflows Conduct security reviews of authentication/authorization patterns across production systems, and propose improved patterns Plan implementation of authorization patterns aligned to Infrastructure Architecture and Security, with emphasis on production access controls Develop and maintain bastion host and jumpbox architectures for secure production access Implement automation & IaC solutions with security-first principles for production access management Design robust highly scalable architecture for IAM solutions supporting 24x7 production operations Cross-Team Collaboration: Partner with Infrastructure Security Engineering team on identity-based security controls Work closely with Infrastructure Security Engineering team on security initiatives Drive remediation of identity-related security findings from audits and assessments Collaborate with the organization's InfoSec on enterprise identity requirements Incident Response & Prevention: Support security incident response with identity expertise Implement preventative measures to reduce identity-related security incidents Develop and maintain incident response runbooks for identity services Conduct tabletop exercises for identity-related security scenarios Proactively identify and address stability, capacity, and performance concerns Core Identity Services: Provide subject matter expertise for IAM technologies Exercise independent judgment in methods, techniques, and evaluation criteria for obtaining results Provide mentorship and coaching to junior team members Complete assigned project related work from Jira tickets following Scaled Agile Framework (SAFe) methodology Check in code for infrastructure build, automation, & tests to version control repository (GitLab) Support PCI / security compliance requirements (upgrades, defect management, etc) Regularly work with Jira, GitLab, Prometheus, Grafana, Splunk Participate in on-call and potentially some after-hours support as required WHAT YOU NEED TO KNOW (or TECHNICAL SKILLS/COMPETENCIES) Microsoft Active Directory (and related components such as Group Policy, ADFS, LDAP, AD integrated DNS) expertise Okta identity solution platform - advanced configuration and security hardening Zero Trust architecture principles and implementation experience Privileged Access Management (PAM) solutions and strategies Two-factor authentication best practices, and hardware key management (we use YubiKey) OAuth/OIDC/SAML authentication protocols and security implications Identity lifecycle management (provisioning, deprovisioning) and integration with systems Adaxes unified Active Directory management platform Jumpbox / bastion host access management practices Security frameworks and threat modeling methodologies DevOps and SRE: Experience with GitLab, CI/CD tooling, Monitoring and Alerting, and SRE practices Compliance and Security: Understanding of PCI Compliance and Security Best Practices Software Engineering: Desired experience in software development, including but not limited to coding in languages like Python, Java, or Go, understanding of software design patterns, and experience with code reviews and version control systems like Git Experience managing large-scale Linux (preferred) and/or Windows (bonus) infrastructure Cloud Expertise: Solid understanding of cloud services like AWS or GCP with security focus Agile Practices: Must have experience with Agile methodologies Experience working as a key contributor in a fully remote team YOU (BEHAVIOURAL SKILLS/COMPETENCIES) Security-first mindset with the ability to balance security requirements with business needs Extremely knowledgeable on IAM and security-related subject matter Capable and comfortable working on highly strategic, complex, and high-risk undertakings Autonomous and proactive with strong initiative Passionate and self-starting, focused on iterative delivery and data-driven decision-making Problem-Solving: Exceptional ability to analyze complex issues, synthesize problem statements, and propose valuable solutions Communication: Excellent written and verbal communication skills, capable of facilitating cross-team collaboration and explaining security concepts to various audiences Comfortable with working in cross functional and multidisciplinary teams Excited about taking on challenging technical problems and devising creative solutions Deeply concerned with the security and compliance implications of your services and solutions Ability to influence without authority and drive security improvements through collaboration About INSPYR Solutions Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients' business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com. INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. Seniority level Seniority level Mid-Senior level Employment type Employment type Full-time Job function Job function Information Technology Industries Entertainment Providers and IT Services and IT Consulting Referrals increase your chances of interviewing at INSPYR Solutions by 2x Sign in to set job alerts for “Principal Engineer” roles. Senior Engineering Director, Plant Development Engineering Manager - Growth Experiences California, United States $190,000.00-$920,000.00 2 weeks ago Los Angeles, CA $190,000.00-$220,000.00 1 month ago Mountain View, CA $186,300.00-$269,075.00 4 days ago San Francisco, CA $186,300.00-$269,075.00 4 days ago Mountain View, CA $185,200.00-$274,400.00 4 days ago Mountain View, CA $186,300.00-$269,075.00 4 days ago San Francisco, CA $186,300.00-$269,075.00 4 days ago Mountain View, CA $186,300.00-$269,075.00 5 days ago Sr. Engineering Manager - Developer Experience (Remote) Mountain View, CA $186,300.00-$269,075.00 1 week ago San Francisco, CA $195,000.00-$235,000.00 1 month ago San Francisco, CA $185,200.00-$274,400.00 5 days ago Sr. Engineering Manager, ML Serving Platform San Mateo, CA $173,600.00-$282,100.00 1 week ago Engineering Manager II, Generative AI Products Foster City, CA $190,400.00-$259,000.00 3 weeks ago Engineering Manager II, Search Discovery Experience Engineering Manager | Remote | Startup Transforming legal tech with AI Senior Practice Manager - Data Engineering San Francisco, CA $177,000.00-$229,000.00 3 weeks ago San Francisco, CA $175,313.00-$206,250.00 5 days ago San Francisco, CA $238,000.00-$322,000.00 4 days ago Lead Contracts Manager - Data Center Design, Engineering & Construction United States $144,000.00-$201,000.00 1 week ago Engineering Manager, Software Development Engineering Manager | Hybrid | Startup Transforming legal tech with AI We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI. #J-18808-Ljbffr