Security Engineer II

Systems Engineer II - Security THIS ROLE WILL BE BASED ON-SITE, IN OUR IRVING, TX. OFFICE We are Lennar Lennar is one of the nation's leading homebuilders, dedicated to making an impact and creating an extraordinary experience for their Homeowners, Communities, and Associates by building quality homes and providing exceptional customer service, giving back to the communities in which we work and live in, and fostering a culture of opportunity and growth for our Associates throughout their career.

Lennar has been recognized as a Fortune 500® company and consistently ranked among the top homebuilders in the United States. Join a Company that Empowers you to Build your Future The Systems Engineer II - Security is a mid-level position responsible for enhancing and maintaining the security of the organization’s information technology infrastructure. The Systems Engineer II – Security role is responsible for designing, implementing, and operating enterprise identity and access controls across IAM, IGA, and PAM platforms to ensure the right users and workloads have the right access at the right time.

This role reduces identity-related risk by enforcing least privilege, strengthening authentication, and governing privileged access in alignment with security and regulatory requirements. A career with purpose. A career built on making dreams come true. A career built on building zero defect homes, cost management, and adherence to schedules. Your Responsibilities on the Team Systems Security:
Support enterprise IAM solutions that collectively deliver single sign-on (SSO), multifactor authentication (MFA), identity governance and administration, and privileged access management for all types of identities, including on-premises, hybrid, cloud-only, non-human (service accounts), and application-based credentials (API keys, tokens). Engineer and operate IGA capabilities, including joiner‑mover‑leaver workflows, access request and approval, automated provisioning/de‑provisioning, and role‑based access control (RBAC/ABAC) Implement and manage PAM platforms for privileged account onboarding, credential vaulting, password rotation, session monitoring/recording, and just‑in‑time (JIT) elevation.

Design and implement identity and access controls for AI agents and non-human identities (service accounts, bots, APIs, workloads), including lifecycle management, secrets management, least-privilege roles, and monitoring of machine-to-machine access in alignment with Zero Trust principles. Monitor identity and privileged access activities, analyze logs and alerts, and support incident response and forensic investigations related to compromised identities or misuse of privilege.

Support audit, compliance, and certification efforts by providing evidence, improving control design, and remediating findings related to IAM, IGA, and PAM. Troubleshoot complex IAM/IGA/PAM issues, perform root cause analysis, and drive continuous improvement and modernization of identity platforms. Collaborate with security architecture, infrastructure, application, and Dev Ops teams to embed identity security and Zero Trust principles in new solutions and strategic programs.

Document architectures, standards, runbooks, and knowledge articles, and provide guidance and training to operations and application teams on identity security best practices Participate in Proof of Concepts and product evaluations of new and emerging Identity security services and technologies. May provide mentorship and support to various junior security engineers and security operations team members. Requirements

Education:

Bachelor’s degree required in Computer Science, Cybersecurity, Engineering, or related field.

Experience:

4-5 years of hands-on cybersecurity engineering experience with exposure to IAM. 4+ years of relevant work experience in security engineering, with a focus on concepts and technologies in Identity & Access Management (IAM) like SailPoint, Delinea, Cyber Ark, Entra , Ping Identities 2+ years of relevant work experience with Identity and Access Management solutions, including the implementation and configuration of solutions for Single Sign-On…