Principal Security Engineer – Identity & Access Management

🕒 April 1

🇺🇸 United States – Remote

⏰ Full Time

🔴 Lead

👮‍♂️ Cybersecurity / Security Engineer

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Cambium Learning Group

WebsiteLinkedInAll Job Openings

501 - 1000 employees

Founded 2009

📚 Education

🤖 Artificial Intelligence

Education • Artificial Intelligence

Cambium Learning Group is a company focused on providing essential educational solutions through a family of companies. They create experiences designed to help educators and students succeed by leveraging technology, including artificial intelligence and machine learning. Cambium Learning Group's brands are among the most respected in the edtech sector, supporting meaningful work and innovation in education. Their commitment is reflected in their dedication to making every learning moment valuable and impactful.

📋 Description

• Architect and maintain the target-state architecture for internal workforce identity • Help redesign customer-facing (CIAM) • Architect secure, modern authentication protocols (SAML, OAuth2, OIDC, FIDO2) • Fortify phishing-resistant MFA • Collaborate with IAM team to design automated provisioning, maintenance, and deprovisioning processes (SCIM) for high-volume user onboarding/offboarding • Drive the integration of our privileged identity platform with Active Directories, Cloud and on-prem based platforms, and third-party applications like SalesForce and Workday • Define RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) models for compliance with student data privacy laws • Act as a subject matter expert and mentor engineers on identity-first security best practices

🎯 Requirements

• 7+ years in IT/Security • at least 4+ years focusing on Identity and Access Management (IAM) architecture • Deep hands-on experience with modern IDP & PAM solutions (e.g., Okta, Ping Identity, Microsoft Entra ID/Azure AD, CyberArk, BeyondTrust) • Proficiency in directory services (LDAP, AD) • Proficiency in scripting languages (PowerShell, Python) for automation • Exceptional understanding of TLS, SSO, Federation, SAML, OAuth2, and OIDC protocols • Bachelor's degree in Computer Science, Information Technology, or equivalent experience • Familiarity with student data privacy regulations (FERPA, COPPA) • Experience implementing Zero Trust architecture principals • Certifications: CAIM, CAMS, CISSP, CISM, or vendor-specific certifications (e.g., Okta Certified Architect)

🏖️ Benefits

• Remote First Work Environment • reimbursement to help cover the cost of setting up your home or remote office