Security Engineer II

Systems Engineer II - Security

This role will be based on-site, in our Irving, TX office.

The Systems Engineer II - Security is a mid-level position responsible for enhancing and maintaining the security of the organization's information technology infrastructure. The Systems Engineer II – Security role is responsible for designing, implementing, and operating enterprise identity and access controls across IAM, IGA, and PAM platforms to ensure the right users and workloads have the right access at the right time. This role reduces identity-related risk by enforcing least privilege, strengthening authentication, and governing privileged access in alignment with security and regulatory requirements.

Your Responsibilities on the Team

• Support enterprise IAM solutions that collectively deliver single sign-on (SSO), multifactor authentication (MFA), identity governance and administration, and privileged access management for all types of identities, including on-premises, hybrid, cloud-only, non-human (service accounts), and application-based credentials (API keys, tokens).
• Engineer and operate IGA capabilities, including joiner-mover-leaver workflows, access request and approval, automated provisioning/de-provisioning, and role-based access control (RBAC/ABAC)
• Implement and manage PAM platforms for privileged account onboarding, credential vaulting, password rotation, session monitoring/recording, and just-in-time (JIT) elevation.
• Design and implement identity and access controls for AI agents and non-human identities (service accounts, bots, APIs, workloads), including lifecycle management, secrets management, least-privilege roles, and monitoring of machine-to-machine access in alignment with Zero Trust principles.
• Monitor identity and privileged access activities, analyze logs and alerts, and support incident response and forensic investigations related to compromised identities or misuse of privilege.
• Support audit, compliance, and certification efforts by providing evidence, improving control design, and remediating findings related to IAM, IGA, and PAM.
• Troubleshoot complex IAM/IGA/PAM issues, perform root cause analysis, and drive continuous improvement and modernization of identity platforms.
• Collaborate with security architecture, infrastructure, application, and DevOps teams to embed identity security and Zero Trust principles in new solutions and strategic programs.
• Document architectures, standards, runbooks, and knowledge articles, and provide guidance and training to operations and application teams on identity security best practices
• Participate in Proof of Concepts and product evaluations of new and emerging Identity security services and technologies.
• May provide mentorship and support to various junior security engineers and security operations team members.

Requirements

• Education: Bachelor's degree required in Computer Science, Cybersecurity, Engineering, or related field.
• Experience: 4-5 years of hands-on cybersecurity engineering experience with exposure to IAM.
• 4+ years of relevant work experience in security engineering, with a focus on concepts and technologies in Identity & Access Management (IAM) like SailPoint, Delinea, CyberArk, Entra ID, Ping Identities
• 2+ years of relevant work experience with Identity and Access Management solutions, including the implementation and configuration of solutions for Single Sign-On (SSO), Multifactor Authentication (MFA), and various identity integration protocols (SAML, OIDC).
• Experience building and maintaining SailPoint connectors, aggregation and provisioning jobs, roles/entitlements, and workflows for HR-driven JML processes.
• Experience administering Microsoft Entra ID, including users, groups, roles, app registrations, and enterprise applications.
• Working knowledge of solutions for Identity Governance and Administration, Privileged Access Management, and access control models such as RBAC, ABAC, PBAC, and FGAC

• Certifications: Any Certified Information Systems Security Professional (CISSP), CompTIA Security+, Certified Identity and Access Manager (CIAM), or similar advanced cloud security certifications preferred.

Additional Skills, Knowledge, and Experience:

• Working knowledge of cloud-based Identity Providers, access controls, and hybrid federated IAM architectures.
• Experience in designing, configuring, and administering SailPoint Identity Security Cloud for identity lifecycle, access request, certifications, and policy/SoD controls.
• Strong knowledge and experience with Microsoft Active Directory (AD) Domain Services, management of AD users and security groups, and security best practices for configuring AD infrastructure, policies, group policy objects.
• Experience with implementing access control mechanisms, such as authentication policies, identity lifecycle management (provisioning, deprovisioning), and methods for authorization management.
• Strong skills in developing visual design documentation (Visio, Lucid), oral presentation skills, problem solving / critical thinking, and decision-making skills.
• Strong verbal and written communication skills.
• Ability to facilitate productive meetings and work comfortably in a team-oriented environment.

Personal Attributes:

• Team Player: Ability to work collaboratively with senior engineers, IT teams, and other stakeholders to achieve shared goals.
• Communication: Effective written and verbal communication skills, with the ability to explain technical concepts to non-technical audiences. Ability to leverage communication skills to ensure a strong commitment to customer service.
• Detail-Oriented: Attention to detail and consideration of the non-technical components necessary for successfully executing projects and initiatives.
• Adaptability: Ability to balance multiple competing priorities in a fast-paced environment.
• Minimal Supervision: Comfortable with executing workstreams independently with a positive and self-motivated drive. Exercise sound judgement in complex situations.

Additional Requirements:

• Continuous Learning: Commitment to staying current with industry trends and pursuing relevant certifications and training.
• Travel: Willingness to travel occasionally

This role is ideal for a motivated systems security engineer looking to use and build upon their existing technical skillsets. This role will deliver significant and essential security services necessary to protect the business operations of a large-scale enterprise. If you are passionate about cybersecurity and eager to grow in a fast-paced, collaborative environment, we encourage you to apply.