Security Engineer

We are seeking an experienced Security Engineer to support the Access Management team within the Identity & Access Management (IAM) function. This role will focus on integrating on-premise, cloud, and SaaS solutions with the firm's Policy-Based Access Control (PBAC) system. You will collaborate across engineering teams to ensure consistent, least-privilege authorization aligned with firm‑wide security policies.

This position is part of the cybersecurity organization and requires strong technical expertise in IAM, scripting, containerization, and policy‑as‑code frameworks. Job Responsibilities: Collaborate with internal engineering teams to design and implement PBAC solutions for various infrastructure platforms and services Integrate both in‑house and third‑party products with PBAC using policy‑as‑code and GitOps methodology Develop, test, and deploy secure, scalable PBAC configurations Create detailed technical design documentation and present solutions to internal governance forums Ensure alignment with the principle of least privilege and industry best practices Troubleshoot integration and access issues across various platforms and technologies Required Skills: Bachelor's degree in computer science, Engineering, Information Security, or related field 7+ years of Python development experience Hands‑on experience with CI/CD pipelines and container tools (Docker/Podman) Experience deploying applications on Kubernetes platforms (OpenShift/AKS) Experience with declarative languages such as Prolog or Rego for policy‑as‑code Advanced scripting skills (PowerShell, Bash) and SQL/database schema design Familiarity with IAM across cloud platforms like AWS, Azure, GCP Strong organizational and multitasking skills with a results‑oriented approach Preferred Skills: Industry certifications: CISSP, CISM Cloud security certifications: Microsoft Identity & Access Admin Associate, AWS Security Specialty Experience with secure authentication protocols (OIDC, SAML, mTLS) Experience implementing PBAC solutions for app‑level authorization Experience with IGA platforms like SailPoint IdentityNow or IdentityIQ Strong troubleshooting skills across various OS utilities and languages Excellent technical writing and documentation abilities Certifications: Relevant security certifications (preferred but not required) Education: Bachelor’s degree in computer science, Information Security, or related field #J-18808-Ljbffr