Sr Security Engineer - IAM

If you are motivated and believe in the credit union philosophy of "People Helping People," join our team!

The Sr. Security Engineer – IAM is a mid to senior-level role responsible for driving the design, development, and advancement of SECU’s IAM program. This individual will serve as a subject matter expert (SME) and technical lead, providing support as well as participating in the strategic direction, implementation, and continuous improvement of IAM solutions, including Privileged Access Management (PAM), Single Sign-On (SSO), Identity Governance and Administration (IGA), Multi-Factor Authentication (MFA), Active Directory (AD), Customer Identity and Access Management (CIAM), and other IAM technologies.

This role will be instrumental in designing and optimizing IAM frameworks, automating identity processes, and ensuring compliance with security policies and regulatory requirements. The engineer will collaborate with cybersecurity, IT, and business stakeholders to enhance security posture, mitigate identity-related risks, and drive IAM adoption. Additionally, they will mentor junior engineers, lead complex IAM projects, and provide technical guidance to strengthen the overall cybersecurity strategy.

• (30%) Assist with implementation and maintenance of technical security solutions including planning, deployment coordination, change management, documentation, and training to enhance SECU’s security posture.
• (20%) Configure and tune security tools, integrate them with enterprise controls, and evaluate vendor offerings and new tools to improve security responsiveness.
• (20%) Identify and recommend opportunities for documentation enhancements, cost savings, service quality improvements, and operational efficiency.
• (10%) Support governance and compliance efforts by participating in assessments and remediation activities to ensure adherence to security standards and regulations.
• (10%) Participate in on‑call rotation and serve as a resource for technical support of information security technologies and mentor junior engineers.
• (10%) Pursue and maintain skills and certifications to stay current with advancing cybersecurity trends and best practices.
• Responsibilities will include participation in special assignments and cross‑functional initiatives as required.

• Candidate must live in North Carolina or a contiguous state.
• Bachelor's Degree in Computer Science, Information Technology, Cyber Security, or a related field; or three additional years of relevant experience can be considered in lieu of a degree.
• Minimum five years of experience in a related field.

• Experience with SailPoint IDN is most preferred; also experience with Okta and Cloud Identity solutions such as Entra and AWS are preferred.

• Proficient in implementing or supporting two or more IAM solutions such as PAM, SSO, Directory Services, IGA, CIAM, and MFA.
• Experience implementing integrations between multiple IAM solutions.
• Knowledge of cloud directories such as EntraID, AWS Directory Service, and Google Cloud Identity.
• Knowledge of hybrid IAM environments and cloud‑to‑cloud identity integration.
• Understanding of APIs used to integrate IAM systems with other applications.

• Understanding of authentication and authorization protocols such as OAuth
  2.0, OIDC, SAML, LDAP, Kerberos, and XACML.

• Familiarity with IAM governance frameworks and standards such as NIST, ISO
  27001, SOX, and GDPR.
• Experience with audit and compliance reporting.

• Experience in provisioning and de‑provisioning user accounts, including Joiner‑Mover‑Leaver (JML) processes.
• Experience with automation of user lifecycle management using tools such as Power Shell, Python, or IAM orchestration tools.
• Experience in the implementation or support of Role‑Based Access Control (RBAC) and Attribute‑Based Access Control (ABAC).

• Understanding of IAM’s role in broader security frameworks and risk management.
• Understanding of threat modeling and risk assessment related to…