Senior Identity Engineer
Group 1001

Job Info

---

Group 1001 is a consumer-centric, technology-driven family of insurance companies on a mission to deliver outstanding value and operational performance by combining financial strength and stability with deep insurance expertise and a can-do culture. Group1001's culture emphasizes the importance of collaboration, communication, core business focus, risk management, and striving for outcomes. This goal extends to how we hire and onboard our most valuable assets - our employees.

Group 1001, and its affiliated companies, is strongly committed to providing a supportive work environment where employee differences are valued. Diversity is an essential ingredient in making Group 1001 a welcoming place to work and is fundamental in building a high-performance team. Diversity embodies all the differences that make us unique individuals. All employees share the responsibility for maintaining a workplace culture of dignity, respect, understanding and appreciation of individual and group differences.

Job Title: Senior Identity Engineer

Location: Remote

Department: Information Security

Reports To: Director of Identity Access Strategy

Job Summary:

We are seeking a highly skilled and motivated Senior Identity Engineer to join our Information Security team. The ideal candidate will have deep expertise in enterprise Identity technologies, in a hands-on engineering capacity. This role is critical to ensuring secure identity management processes, compliance with regulatory guidelines, and enhancement of the defense posture of the Group1001.

Key Responsibilities:

• Design, implement, and maintain enterprise-wide identity solutions with a focus on IGA, Cloud and endpoint security.
• Collaborate with cross-functional teams to integrate identity and access management (IAM) solutions into business processes.
• Manage and optimize PAM platforms, such as Delinea Secret Server, Delinea PCS.
• Implement role-based access controls (RBAC) and least privilege principles for privileged accounts.
• Ensure secure storage (Delinea SS) and rotation of privileged credentials and monitor privileged access activities.
• Experience with creating HashiCorp Vault policies, managing leases, and configuring secrets engines
• Maintain compliance with regulatory requirements through automated workflows and reporting.
• Work closely with audit and compliance teams to remediate identity-related risks.
• In depth expertise in complex Active Directory environments, including multi-forest and multi-domain architectures.
• Advanced understanding of FSMO roles, AD replication topology, Global Catalog, and sites/subnets configuration for Active Directory
• Proficiency in managing advanced security features of AD Certificate Services and Managed Service Accounts (MSA)
• Architect and support hybrid identity environments integrating Entra ID with on-premises directories and SaaS applications.
• Configure advanced features such as Conditional Access, Identity Protection, and Self-Service Password Reset.
• Proficient in implementing enterprise-level PKI environments, including root CA and subordinate CA hierarchies.
• Expertise in setting up and managing Certificate Authorities using MS AD Certificate Services and HashiCorp Vault.
• Ensure seamless Single Sign-On (SSO), external identity federation and external B2B trusts.
• Monitor and respond to identity-related security incidents and vulnerabilities.
• Collaborate with the Security Operations Center (SOC) to address IAM-related alerts and threats.
• Conduct root cause analysis and implement preventive measures.
• Evaluate and implement emerging IAM technologies and practices to enhance security and operational efficiency.
• Stay updated with industry trends, regulations, and best practices in identity management and information security.

Qualifications:

Education and Certifications:

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
• Relevant certifications such as CISSP, CISM, Microsoft Certified: Cybersecurity Architect, or equivalent are preferred.

Experience:

• Minimum of 6-8 years of experience in identity and access management, with expertise in PAM, IGA, and Microsoft Entra ID.
• Hands-on experience with tools like Delinea Secret Server/PCS, SailPoint, Okta, HashiCorp Vault, CyberArk, or similar platforms.
• Strong knowledge of Active Directory, Azure AD LDAP, Kerberos, SAML/OAuth and OpenID Connect protocols.

Skills:

• Expertise in designing and deploying secure identity solutions for complex environments.
• Strong scripting or coding skills (PowerShell, Python, Java, C# etc.) for automation.
• Experience with CI/CD build automation and deployment pipelines (Jenkins, Azure DevOps, CodeShip, PagerDuty)
• Excellent communication and collaboration skills to work effectively with technical and non-technical stakeholders.
• Solid understanding of regulatory frameworks (e.g., GDPR, SOX, HIPAA) and their impact on IAM.

Compensation:

Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay for this position ranges from $200,000/year in our lowest geographic market up to $250,000/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.

Benefits Highlights:

Employees who meet benefit eligibility guidelines and work 30 hours or more weekly, have the ability to enroll in Group 1001's benefits package. Employees (and their families) are eligible to participate in the Company's comprehensive health, dental, and vision insurance plan options. Employees are also eligible for Basic and Supplemental Life Insurance, Short and Long-Term Disability, and to enroll in the Company's Employee Assistance Program and other wellness initiatives. Employees may also participate in the Company's 401K plan, with matching contributions by the Company.

#LI-AS1 #LI-REMOTE

---