Principal Systems Engineer - IAM

At Early Warning, we’ve powered and protected the U.S. financial system for over thirty years with cutting-edge solutions like Zelle®, Paze℠, and so much more. As a trusted name in payments, we partner with thousands of institutions to increase access to financial services and protect transactions for hundreds of millions of consumers and small businesses.

Positions located in Scottsdale, San Francisco, Chicago, or New York follow a hybrid work model to allow for a more collaborative working environment.

Candidates responding to this posting must independently possess the eligibility to work in the United States, for any employer, at the date of hire. This position is ineligible for employment Visa sponsorship.

We are seeking a Principal Identity & Access Management Engineer to lead the strategy, architecture, and evolution of enterprise IAM across on-premises and cloud environments. This role is a senior technical authority responsible for designing scalable, secure identity platforms and defining identity standards that enable the business while reducing risk.

You will serve as the IAM architect and thought leader, partnering with security, infrastructure, application teams, and cloud engineering to ensure identity is consistently implemented as a foundational security control across the enterprise.

• Own and evolve the enterprise IAM architecture, spanning on-premises (Active Directory) and cloud identity platforms (e.g., Microsoft Entra /Azure AD and related services).
• Define IAM roadmaps, reference architectures, and design patterns aligned with Zero Trust and least‑privilege principles.
• Lead architectural decisions for hybrid identity, cloud adoption, and identity modernization initiatives.
• Evaluate and influence IAM tooling, platform capabilities, and vendor solutions.

• Act as the subject matter expert for Active Directory architecture, including forest/domain design, trusts, replication, authentication flows, and security hardening.
• Guide AD modernization, consolidation, and integration with cloud identity platforms.
• Define standards for directory lifecycle management, privileged access, and tiered administration models.

• Establish and govern enterprise identity standards, including:
  • Authentication and session management
  • Authorization models (RBAC, ABAC where applicable)
  • Federation, SSO, and identity brokering
  • Least‑privilege and separation of duties
• Define patterns for secure access to applications, APIs, infrastructure, and cloud resources.
• Define standards for conditional access, authentication assurance levels, and federation trust models across workforce and/or customer identity platforms.
• Ensure consistent implementation of identity standards across business units and platforms.

• Architect secure hybrid identity solutions integrating on-prem and cloud environments.
• Design identity approaches for cloud‑native workloads and SaaS platforms.
• Partner with cloud and platform teams to embed IAM into landing zones, CI/CD pipelines, and infrastructure‑as‑code.

• Serve as a senior advisor on identity‑related risk, compliance, and audit initiatives.
• Review and approve IAM designs for critical systems and enterprise programs.
• Mentor engineers and architects; raise the overall IAM maturity of the organization.
• Translate complex identity concepts into clear guidance for technical and non‑technical stakeholders.

• Education and/or experience typically obtained through completion of a bachelors degree
• Typically 15 years of progressive systems or software engineering experience.
• 10+ years of experience in Identity & Access Management, active directory architecture and security, with significant focus on enterprise‑scale environments.
• Strong experience with cloud identity platforms (e.g., Microsoft Entra /Azure AD) and hybrid identity models.
• Proven knowledge of identity standards and protocols (e.g., SAML, OAuth 2.0, OpenID Connect).
• Strong understanding of authentication, authorization, session management, federation,…