Principal Identity Engineer

Principal Identity Engineer

Ecolab is seeking a highly skilled Principal Identity Engineer to lead our identity management strategy in a complex hybrid environment. This role will oversee and own the architecture, implementation, and training of other team members around the operational management of critical systems, including Beyond Trust, Microsoft Entra  (formerly Azure AD), Active Directory (AD), internal Certificate Authority (Active Directory Certificate Services - ADCS), and external Certificate Authorities such as Sectigo.

As a lead team member, you'll influence our strategy and direction, drive project success, and help shape the future for digital growth.

• Assist with identity technical solution design across Identity Access Management Platforms.
• Lead the design and implementation of enterprise‑grade Identity Management solutions, including Beyond Trust, Active Directory (AD), Entra , and Certificate Management.
• Develop scalable architectures for hybrid environments that integrate on‑premises and cloud‑based systems.
• Evolve and optimize a hybrid environment combining managed and exchange services across domains.
• Ensure seamless integration of identity solutions with existing infrastructure, including Entra  other third‑party platforms.
• Provide technical leadership and mentorship to engineers within the team.
• Oversee and provide recommendations of identity management tools, including monitoring, troubleshooting, and performance optimization.
• Play a key role in developing standards for the identity team in relation to implementation, maintenance, and support while additionally participating in our team's on‑call rotation.
• Optimize a hybrid environment combining managed and exchange services across domains.

• Design and Implementation: Lead the design and implementation of robust identity management solutions that integrate seamlessly across on‑premises and cloud environments. Ensuring a stable and secure environment that is evaluated across aligned to KPIs.
• Identity Governance: Lead lifecycle management and governance processes ensuring compliance with regulatory standards.
• Threat Detection: Integrate identity systems with SIEM for proactive threat detection and response.
• Passwordless Strategy: Drive adoption of modern authentication methods such as FIDO2 and passwordless technologies.
• Metrics: Establish KPIs for identity security posture and operational efficiency.
• Beyond Trust Integration: Lead and own the Beyond Trust platform ensuring secure access for servers, admin users, and supply chain isolated networks.
• Microsoft Entra  & Active Directory: Design a cloud‑first architecture and train core members in Microsoft Entra  managing user identities, still ensuring alignment with AD on‑premises systems.
• Certificate Management: Design and manage public key infrastructure (PKI), including both internal ADCS and external Certificate Authorities like Sectigo, to ensure secure communication channels and compliance with security standards.
• Collaborate with Security Architecture, Infrastructure and Cloud delivery teams to achieve business objectives.
• Partner with Enterprise Architecture and business teams to achieve strategic outcomes for Digital Initiatives.

• Bachelor's degree and 10 years of relevant experience in Identity Field similar roles.
• 8 years of experience with Beyond Trust, Active Directory (AD) and Microsoft Entra  (formerly Azure) or external Certificate Authorities such as Sectigo, internal Certificate Authority (Active Directory Certificate Services - ADCS).
• Strong understanding of Identity principles including but not limited to SCIM, OIDC, SAML, least privilege, Kerberos, certificate‑based auth.
• Excellent analytical skills, with the ability to use data and data analytics tools to drive decisions.
• 3 years' experience with Agile methodologies and tools such as ADO or Git Hub.
• Ability to think strategically while managing day‑to‑day product details.
• Strong communication, and interpersonal skills – the ability to collaborate and deliver effectively with diverse teams.
• Expert in Entra
  
  ID integration and Microsoft 365 identity…