Identity Security Engineer

Location: City of Rochester

Identity Security Engineer page is loaded## Identity Security Engineer locations:
Rochester, New York:
Virtual - US:
Chicago, Illinois:
Canandaigua, New York:
San Antonio, Texastime type:
Full time posted on:
Publicado hace 2 díasjob requisition :
R-38813
** Descripción del Puesto de Trabajo
**** Company Summary
** We’re the producers, creators and marketers of beer, wine and spirits brands that people love. At Constellation Brands, we’re driven to push boundaries and think beyond today to deliver products and experiences that resonate now, tomorrow and well into the future. With operations in the U.S., Mexico, New Zealand and Italy, our premium portfolio of iconic brands includes Modelo Especial, Corona Extra, Modelo Cheladas, Pacifico, Victoria, The Prisoner Wine Company, Robert Mondavi Winery, Kim Crawford, Schrader Cellars, Lingua Franca, Casa Noble Tequila, and High West Whiskey.

But we’re just getting started. Our ability to stay on the forefront of consumer trends has fueled our success since our founding in 1945 and will guide us in creating the next generation of products and experiences Worth Reaching For.
*
* Position Summary:

** The Identity Security Engineer is a hands-on security engineer responsible for designing, implementing, and operating Identity Security and IAM capabilities at Constellation Brands in support of a converged security model. The role requires deep technical knowledge of the identity security tool landscape and a proven ability to automate and optimize identity platforms, integrations, and controls to improve reliability, scalability, and measurable security outcomes.

As a senior technical contributor, this engineer works closely with security architecture and engineering, security operations, OT and ICS teams, GRC, infrastructure, and network engineering to deliver secure, resilient identity solutions across enterprise and operational environments.

** Responsibilities:
*** Serve as a hands-on subject matter expert for Identity Security and IAM, with deep technical ownership of core identity platforms, protocols, and control implementations.
* Provide engineering-driven input into IAM technical strategy, roadmaps, and milestones, and translate complex identity concepts into executive-ready technical summaries.
* Lead IAM engineering efforts including architecture design, tool and vendor evaluations, system integrations, deployments, upgrades, and performance tuning, while providing technical mentorship to peer engineers.
* Design and implement identity security controls and processes aligned to security architecture standards and engineering best practices, leveraging frameworks such as ISO/IEC, NIST, and MITRE ATT&CK for identity threat coverage.
* Own day-to-day IAM platform operations, including policy and rule configuration, role and entitlement modeling, access lifecycle automation, and continuous optimization across the identity stack.
* Conduct secure design and architecture reviews with a focus on identity threat modeling, privilege boundaries, authentication flows, and attack surface reduction.
* Develop and automate identity security metrics, logging, and telemetry to measure control effectiveness, detection coverage, and incident response performance, using historical data to drive technical improvements.
* Integrate IAM platforms with Sec Ops workflows, SOAR tooling, and OT and ICS environments, supporting solution selection, production deployment, and development of detailed technical runbooks.
* Participate in on-call rotations and incident response to support 24/7/365 identity platform availability and security operations.
*
* Minimum qualifications:

*** Bachelors in one of the following disciplines:
Cybersecurity, Information Assurance, Computer Engineering, Electrical Engineering, Systems Engineering, Management Information Systems, or similar technical field and minimum of 8+ years related experience with a CISSP or equivalent.
* Strong understanding of identity security architecture and engineering concepts at the enterprise level.
* Demonstrated past contributor and “plugged-in” to the threat intelligence community and various industry sources.
* Understand what it…