Principal Security Engineer, IAM
Bloomington, Hennepin County, Minnesota, USA
Listed on 2026-02-28
IT/Tech: Cybersecurity, Systems Engineer
Engineering: Cybersecurity, Systems Engineer
Job#: 3019282
Job Description:
We are seeking a Security Engineer with strong expertise in Identity and Access Management (IAM) to support and secure a FedRAMP ATO–authorized environment. The ideal candidate has hands‑on experience designing, implementing, and operating Privileged Access Management (PAM) and Identity Governance & Administration (IGA) solutions while ensuring compliance with NIST 800‑53 Moderate controls.
This role requires deep technical skills in Delinea PAM, One Identity IGA, Microsoft Entra, and Azure Automation, as well as automation using PowerShell, API calls, and modern scripting languages, to support secure, scalable, and compliant cloud environments.
Location: This role is open to remote work for candidates based in the United States.
Key Responsibilities:
Identity & Access Management
- Design, implement, and maintain Delinea PAM solutions for privileged account discovery, credential vaulting, session management, and just‑in‑time access.
- Implement and support One Identity IGA for identity lifecycle management, access requests, approvals, certifications, and role‑based access control.
- Design, develop, and maintain API integrations between IAM platforms (Delinea PAM, One Identity IGA, Microsoft Entra) and non‑identity systems, including ServiceNow, SIEM/SOAR platforms, and other enterprise applications.
- Manage and secure identities in Microsoft Entra (Azure AD), including:
  - Conditional Access policies
  - MFA and passwordless authentication
  - Privileged Identity Management (PIM)
  - External and workforce identities
- Develop and maintain PowerShell automation for IAM, PAM, and compliance workflows.
- Create scripts and tools using Python, Bash, or other modern languages to integrate security platforms and automate controls.
- Integrate IAM solutions with cloud platforms, SaaS applications, and on‑prem systems.
- Support secure API integrations and identity federation (SAML, OAuth 2.0, OIDC).
- Automate identity lifecycle, access requests, approvals, provisioning, and deprovisioning workflows using REST APIs, webhooks, and scripted integrations.
- Implement and operate security controls aligned with NIST 800-53 Moderate.
- Support FedRAMP ATO audits, assessments, and continuous monitoring activities.
- Produce and maintain technical documentation, SOPs, and evidence artifacts.
- Participate in vulnerability remediation, access reviews, and incident response related to identity security.
- Ability to obtain and maintain Public Trust clearance
- 5+ years engineering experience with IAM capabilities / technologies such as IGA, PAM, and IAM
- Familiarity with Proofpoint email security platforms, including identity‑based threat protection and user risk signals.
- Experience implementing and managing FIDO2 / hardware security keys (e.g., YubiKeys) for phishing‑resistant authentication.
- Expert knowledge and hands‑on technical experience with MS Entra, On‑prem Delinea PAM, IAM, and One Identity IGA solutions
- Expert knowledge and hands‑on technical experience with automation calling APIs
- Expert knowledge of SSO, MFA, RBAC, MS Entra PIM
- Highly proficient in automation scripting languages such as PowerShell
- Superior communication skills (written and verbal) with an ability to articulate complex topics in a business-understandable manner at all levels in an enterprise
- Ability to prioritize workload and consistently meet deadlines in a fast‑paced environment
- Certifications such as CISSP, Cloud Security (CCSP, CCSK, AZ-305, AZ-500) are highly desirable
- Bachelor’s degree is a plus
for more details.
Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional…