Principal Security Engineer Identity & Access Management
Company: Cambium Learning Group
Location: Remote
Type: Full-time
Remote: Yes
Posted: 2026-04-01
About this role
Job Overview:
As the Principal Security Engineer, you will be the principal technical leader defining how users interact with our platforms. You will architect scalable solutions to manage the identity lifecycle for a diverse user base (employees, contingent workers, and customers) across our on-premises and SaaS applications. Your goal is to architect standards for a secure, frictionless experience, such as Single Sign-On (SSO), passwordless, and API authentication, while adhering to strict data privacy regulations (FERPA, GDPR, COPPA).
Job Responsibilities:
- Identity Strategy & Architecture: Architect and maintain the target-state architecture for internal workforce identity and help redesign customer-facing identity (CIAM) as appropriate.
- Secure Access & Authentication: Architect secure, modern authentication protocols (SAML, OAuth2, OIDC, FIDO2) and fortify phishing-resistant MFA.
- Identity Lifecycle Automation: Collaborate with the IAM team to design automated provisioning, maintenance, and deprovisioning processes (SCIM) to handle high-volume user onboarding/offboarding.
- Integration: Drive the integration of our privileged identity platform with brand Active Directories, cloud and on-prem platforms, and third-party applications such as Salesforce and Workday, as well as the architecture of an API gateway.
- Governance & Compliance: Define RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) models to ensure compliance with student data privacy laws (e.g., FERPA, GDPR).
- Mentorship: Act as a subject matter expert and mentor engineers on identity-first security best practices.
Job Requirements:
- Experience: 7+ years in IT/Security, with 4+ years focusing on Identity and Access Management (IAM) architecture.
- Platform Expertise: Deep hands-on experience with modern IdP & PAM solutions (e.g., Okta, Ping Identity, Microsoft Entra ID/Azure AD, CyberArk, BeyondTrust).
- Technical Skills: Proficiency in directory se...