Cybersecurity Identity and Access Engineer II

Job Profile Summary

The Cybersecurity IAM Engineer II is responsible for leading the design and implementation of advanced identity and access management solutions that support enterprise-wide security and usability goals. This role will drive key initiatives such as passwordless authentication, privileged access management, secure credential handling, and Zero Trust architecture. The engineer will play a critical role in shaping the organization's IAM strategy and ensuring alignment with regulatory frameworks and business needs.

Principal Duties and Responsibilities

Identity & Access Management Strategy

• Design and maintain IAM workflows for onboarding, offboarding, and access changes.
• Administer role-based access control (RBAC) and privileged access using PIM and JIT models.
• Implement and maintain Privileged Access Management (PAM) solutions to secure, monitor, and manage privileged accounts and credentials.
• Manage identity lifecycle for employees and vendors, including cloud-only accounts and Entra ID integrations.

Authentication & Access Control

• Lead the evaluation, design, and deployment of passwordless authentication technologies (e.g., FIDO2, biometrics, smart cards, device trust).
• Configure and support enterprise SSO platforms, Conditional Access policies, Mobile Application Management (MAM), AppLocker, and ASR rules.
• Collaborate with stakeholders to ensure seamless integration of authentication solutions with existing systems and user workflows.
• Monitor authentication flows and optimize for security, usability, and compliance.

Credential & Web Access Security

• Oversee secure credential storage and rotation using Keeper.
• Manage Cloudflare Zero Trust configurations for identity-based access control and secure web traffic.

Compliance & Governance

• Ensure alignment with NIST 800-171 and other regulatory frameworks.
• Maintain documentation and audit readiness for authentication and access controls.

Required Qualifications

• Bachelor’s degree in Computer Science, Information Security, or equivalent experience.
• Minimum of 5 years in cybersecurity engineering or related technical roles.
• Proven experience implementing passwordless authentication solutions in enterprise environments.
• Strong hands-on experience with Active Directory, Azure Entra ID, and IAM frameworks.
• Familiarity with Keeper, Cloudflare Zero Trust, and enterprise SSO platforms.
• Proficiency in PowerShell scripting and API integrations.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and collaboratively in a fast-paced, inclusive environment.

Preferred Qualifications

• Azure Security Engineer Associate certification, or equivalent.
• Experience with Microsoft Defender, Sentinel, and Purview.
• Background in threat detection, incident response, and playbook development.