Senior IAM Security Engineer
TalentBridge - Miami, FL
Senior IAM Security Engineer – Offensive Identity Focus

Job Description:
Financial is the nation’s largest independent brokerage firm with more than 14,000 independent financial advisors in more than 4,000 branch offices nationwide. Financial has been ranked the number one broker dealer in its class consistently over the past 10 years. Financially strong and growing, its corporate offices are in Boston, San Diego, and Charlotte.

About the Role
We are building a cutting-edge Offensive Identity Team and seeking a versatile Senior IAM Security Engineer to lead proactive efforts in securing identity infrastructure across on-prem and cloud environments. This role blends expertise in Active Directory, Windows security, and AWS IAM with a strong offensive security mindset to identify and mitigate identity-based threats before they impact the organization.

Key Responsibilities
- Lead cleanup and optimization of federation configurations (PingFederate, ForgeRock)
- Manage and remediate AD group memberships and permissions to enforce least privilege
- Design and implement Role-Based Access Control (RBAC) models across enterprise systems
- Support access recertification campaigns and identity posture assessments
- Collaborate with red and blue teams to simulate identity-based attacks and improve detection
- Contribute to threat modeling and adversary simulation efforts targeting IAM infrastructure
- Implement and manage privilege controls using LAPS, GPOs, and local admin policies
- Harden Windows servers and endpoints to prevent identity exploitation
- Enforce PAM practices using CyberArk or equivalent tools
- Collaborate with IAM and red teams to simulate identity-based attacks
- Identify and remediate misconfigurations that could lead to privilege escalation

Required Skills & Experience
- 5+ years in IAM engineering or identity-focused security roles
- Strong experience with Active Directory, LDAP, and group policy management
- Hands-on experience with federation platforms (PingFed, ForgeRock, RSA)
- Familiarity with RBAC frameworks and access governance tools
- Deep understanding of Windows privilege management and GPOs
- Experience with PAM solutions (CyberArk, BeyondTrust)
- Familiarity with offensive security tools and techniques targeting Windows environments
- Understanding of identity threats and MITRE ATT&CK techniques
- Experience with scripting (PowerShell, Python) for automation and analysis

Preferred Qualifications
- Experience with offensive security tools (Silverfort)
- Experience with endpoint detection and response (EDR) tools
- Certifications: CISSP, GIAC, or similar IAM/security credentials

Why Join Us?
- Be part of a pioneering team focused on proactive identity defense
- Work with cutting-edge IAM technologies in a hybrid cloud environment
- Collaborate with top-tier security professionals in a mission-driven organization
Created: 2025-09-17