Security Engineer II
Lennar · Irving, TX · 3 wk ago
Information Technology$30k/yrFull-time
Responsibilities
- Support enterprise IAM solutions that collectively deliver single sign-on (SSO), multifactor authentication (MFA), identity governance and administration, and privileged access management for all types of identities, including on-premises, hybrid, cloud-only, non-human (service accounts), and application-based credentials (API keys, tokens).
- Engineer and operate IGA capabilities, including joiner-mover-leaver workflows, access request and approval, automated provisioning/de-provisioning, and role-based access control (RBAC/ABAC).
- Implement and manage PAM platforms for privileged account onboarding, credential vaulting, password rotation, session monitoring/recording, and just-in-time (JIT) elevation.
- Design and implement identity and access controls for AI agents and non-human identities (service accounts, bots, APIs, workloads), including lifecycle management, secrets management, least-privilege roles, and monitoring of machine-to-machine access in alignment with Zero Trust principles.
- Monitor identity and privileged access activities, analyze logs and alerts, and support incident response and forensic investigations related to compromised identities or misuse of privilege.
- Support audit, compliance, and certification efforts by providing evidence, improving control design, and remediating findings related to IAM, IGA, and PAM.
- Troubleshoot complex IAM/IGA/PAM issues, perform root cause analysis, and drive continuous improvement and modernization of identity platforms.
- Collaborate with security architecture, infrastructure, application, and DevOps teams to embed identity security and Zero Trust principles in new solutions and strategic programs.
- Document architectures, standards, runbooks, and knowledge articles, and provide guidance and training to operations and application teams on identity security best practices.
- Participate in Proof of Concepts and product evaluations of new and emerging Identity security services and technologies.
- May provide mentorship and support to various junior security engineers and security operations team members.
Requirements
- Education: Bachelor’s degree required in Computer Science, Cybersecurity, Engineering, or related field.
- Experience:
- 4-5 years of hands-on cybersecurity engineering experience with exposure to IAM.
- 4+ years of relevant work experience in security engineering, with a focus on concepts and technologies in Identity & Access Management (IAM) like SailPoint, Delinea, CyberArk, Entra ID, Ping Identities.
- 2+ years of relevant work experience with Identity and Access Management solutions, including the implementation and configuration of solutions for Single Sign-On (SSO), Multifactor Authentication (MFA), and various identity integration protocols (SAML, OIDC).
- Experience building and maintaining SailPoint connectors, aggregation and provisioning jobs, roles/entitlements, and workflows for HR-driven JML processes.
- Experience administering Microsoft Entra ID, including users, groups, roles, app registrations, and enterprise applications.
- Working knowledge of solutions for Identity Governance and Administration, Privileged Access Management, and access control models such as RBAC, ABAC, PBAC, and FGAC.
- Certifications: Any Certified Information Systems Security Professional (CISSP), CompTIA Security+, Certified Identity and Access Manager (CIAM), or similar advanced cloud security certifications preferred.
- Additional Skills, Knowledge, and Experience:
- Working knowledge of cloud-based Identity Providers, access controls, and hybrid federated IAM architectures.
- Experience in designing, configuring, and administering SailPoint Identity Security Cloud for identity lifecycle, access request, certifications, and policy/SoD controls.
- Strong knowledge and experience with Microsoft Active Directory (AD) Domain Services, management of AD users and security groups, and security best practices for configuring AD infrastructure, policies, group policy objects.
- Experience with implementing access control mechanisms, such as authentication policies, identity lifecycle management (provisioning, deprovisioning), and methods for authorization management.
- Strong skills in developing visual design documentation (Visio, Lucid), oral presentation skills, problem solving / critical thinking, and decision-making skills.
- Strong verbal and written communication skills.
- Ability to facilitate productive meetings and work comfortably in a team-oriented environment.
- Personal Attributes:
- Team Player: Ability to work collaboratively with senior engineers, IT teams, and other stakeholders to achieve shared goals.
- Communication: Effective written and verbal communication skills, with the ability to explain technical concepts to non-technical audiences. Ability to leverage communication skills to ensure a strong commitment to customer service.
- Detail-Oriented: Attention to detail and consideration of the non-technical components necessary for successfully executing projects and initiatives.
- Adaptability: Ability to balance multiple competing priorities in a fast-paced environment.
- Minimal Supervision: Comfortable with executing workstreams independently with a positive and self-motivated drive. Exercise sound judgement in complex situations.
Benefits
- Comprehensive health insurance plans including Medical, Dental, and Vision coverage.
- 401(k) Retirement Plan with a $1 for $1 Company Match up to 5%.
- Paid Parental Leave and an Associate Assistance Plan.
- Education Assistance Program and up to $30,000 in Adoption Assistance.
- Up to three weeks of vacation annually, along with generous Holiday, Sick Leave, and Personal Day policies.
- New Hire Referral Bonus Program and significant Home Purchase Discounts.