Infrastructure Security Engineer Sr - IAM

Ent Credit Union and Wings Credit Union are joining forces in January 2026. This merger means more opportunities, expanded resources, and a shared commitment to delivering exceptional member service. Together, we become more - empowering members, communities, and teams through a bold, unified future. Both organizations bring a strong legacy of member satisfaction, operational excellence, financial stability, and community impact. Recognized locally and nationally as best-in-class financial institutions and employers of choice, each is known for its commitment to financial well-being and philanthropic leadership. Join us during this transformative time and be part of shaping the future of banking! To learn more about the merger, click here.

The Infrastructure Security Engineer - Identity and Access Management, Sr role provides first line defense for the credit union by designing, implementing, operating and supporting Identity and Access Management (IAM) capabilities, including identity lifecycle management, authentication and authorization, SSO/MFA, Role Based Access Control (RBAC)/Attribute Based Access Control (ABAC), Separation of Duties (SoD), Privileged Access Management (PAM), and access reviews. Additionally, engineers and supports identity platforms such as Active Directory, Entra ID, etc., and designs and enforces security controls within these platforms. The role works cross functionally with HR, Platform, Application, Audit, and Risk teams to enforce least privilege and reduce risk. Partners with Cybersecurity on incident response and remediation. At the senior level, the engineer focuses on implementing and supporting modern enterprise IAM systems, integrating secure identity solutions throughout the product lifecycle, executing architected designs, and ensuring IAM services are successfully adopted, integrated, and maintained across the organization. The engineer is also responsible for ensuring secure identity practices and processes across the organization, enabling secure authentication, and partnering with the business to ensure secure by default identity practices.

Essential Functions

• Design & Implement: Design and implement IAM solutions including RBAC, ABAC, and identity governance integrations with HR systems, directories, applications, and cloud platforms. Engineer and support Privileged Access Management (PAM) platforms (e. g. , Delinea) including credential vaulting, session management, least-privilege, and break-glass access. Architect and secure Active Directory Domain Services (AD DS) including group policy design, privileged group protection, permission inheritance, and forest recovery from compromise scenarios. Implement and manage cloud identity platforms including PIM, Conditional Access Policies, MFA, and passwordless authentication (Windows Hello for Business, FIDO2). Design and manage Active Directory Certificate Services (AD CS) and PKI infrastructure including certificate templates, enrollment permissions, and lifecycle management. Build and automate identity workflows and integrations using APIs, scripting, and infrastructure-as-code (PowerShell, Python, IaC/PaC). Embed security-by-design into identity architecture, configuration baselines, and change management processes. Partner with engineering, platform teams, and Risk & Compliance to ensure IAM solutions meet security, regulatory, and audit requirements.
• Operations: Respond to Level 2 support requests including incidents, outages, bugs, and feature requests across development, QA, and production environments. Monitor IAM platforms and support change management processes across Digital Technology environments. Maintain IAM policies, standards, and procedures. Troubleshoot and resolve complex identity and access issues across the identity technology stack. Coordinate with Cybersecurity Operations to respond to identity-related security events and support incident response and post-incident improvements. Execute user lifecycle operations including onboarding, offboarding, and access request fulfillment.
• Research: Stay current on identity technologies, risks and threats and participate in roadmap creation through organic releases and/or from business stakeholders Research, develop, and understand authentication factors, associated risks and benefits, and the impact on user experience Research, evaluate, recommend and implement new technologies/capabilities Maintain up-to-date industry knowledge relative to Identity Security, IAM, PAM technologies and methodologies, risks and threats through courses, webinars, books, and self-study. Recommend changes to leadership based on this knowledge.
• Bank Secrecy Act: Remains cognizant of and adheres to Wings policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Minimum Formal Qualifications for this Position

• Bachelor's Degree Information Technology, Information Security or relevant field of study Required
• 4+ years of experience designing, implementing, and supporting Enterprise or Customer Identity Access Management, implementing identity protocols and technologies, and designing, implementing, and supporting certificate-based authentication (Required)

Preferred Qualifications

• 1+ Years' experience with modern software lifecycle development and automated cloud infrastructure deployment (Infrastructure as Code) (Preferred)

Technical or Specialized Knowledge/Skills:

• Knowledge of Enterprise or Customer Identity Access Management such as Single Sign On - SSO, Multi-Factor Authentication - MFA, Privileged Access Management - PAM, Conditional Access, and Identity Governance & Administration concepts - IGA.
• Experience with identity protocols and technologies such as OpenID Connect - OIDC, OAuth, SAML, AD-Fed, API Gateways, SCIM, and platforms such as Ping Identity, Okta, Microsoft Entra ID, and ForgeRock
• Understanding of certificate-based authentication such as PKI, FIDO2, phishing-resistant multi-factor methods, multi-tenant configuration, B2B collaboration, identity fraud prevention and detection, identity spoofing and identity verification technologies.
• Understanding of policies that reflect enterprise system security objectives.
• Ability to determine how a security system operates, including resilience and reliability, and how changes in environment or operations affect outcomes.
• Understanding of at least one IAM/PAM platform such as Delinea Secret Server, CyberArk Access Manager, SailPoint, or Saviynt.
• Experience with modern software development lifecycles and automated cloud infrastructure deployment practices.
• Experience designing and implementing access control models including RBAC, ABAC, and least-privilege access strategies.
• Ability to troubleshoot complex identity and authentication issues across enterprise systems and integrated platforms.
• Analytical and problem-solving skills with the ability to diagnose and resolve technical issues.
• Written and verbal communication skills with the ability to document technical processes and collaborate across teams.
• Ability to work independently and manage multiple priorities in a fast-paced environment.
• Understanding of privileged groups and AdminSDHolder process in Active Directory
• Understanding of the impacts of permissions inheritance
• Understanding of PKI escalations and how to defend against them, e.g., Certificate Managers/Enrollment Agents

Certifications Required:

• Security+, SC 900/SC 300, CISSP/CCSP, GIAC (as relevant), SailPoint Identity Security Engineering Certification (Preferred)

The pay range for this position is: Target Offer Rates (Standard Range) $114,421 to $126,484 Annually with a 15% target bonus (I16).

Final compensation for this position will be determined by various factors such as relevant work experience, specific skills and competencies, education, certifications, location and internal pay equity.

This position is eligible for our corporate bonus program based on company performance.

BENEFITS:
 

• Generous 401(k) match
• 401k Discretionary Profit Sharing
• Health Insurance
• Dental Insurance
• Vision Insurance
• Life Insurance
• Short Term and Long Term Disability
• Health Savings Account with company contribution
• Employee Assistance Program
• Paid Vacation, Sick, Floating Holidays and Volunteer Time Off
• Paid Holidays
• Tuition Reimbursement
• Paid Parental Leave
  
  We anticipate this position to close on 4/10/2026. Please submit your application at your earliest convenience to be considered.
  
  Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
  
  The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)