To learn more about our organization and the exciting work we do, visit www.cambiumlearning.com
Remote First Work Environment
If you will be working remotely, either occasionally or on a permanent basis, you must have a reliable internet connection through a cable or fiber-optic broadband service with minimum speeds of 10 Mbps download and 5 Mbps upload.
As part of our Remote-First benefits, Cambium offers reimbursement to help cover the cost of setting up your home or remote office.
An Equal Opportunity Employer
We will provide reasonable accommodations for qualified individuals with disabilities. You may request an accommodation during the recruiting process with your Talent Acquisition team member.
Benefits
Vision insuranceRemote work options
Additional Information
Job Overview:
The Principal Security Engineer, you will be the principal technical leader defining how users interact with our platforms. You will architect scalable solutions to manage the identity lifecycle for a diverse user base (Employees, contingent workers, and customers) across our on premise and SaaS applications. Your goal is to architect standards for a secure, frictionless experience-such as Single Sign-On (SSO), passwordless, API authentication-while adhering to strict data privacy regulations (FERPA, GDPR, COPPA).
Job Responsibilities:
Identity Strategy & Architecture: Architect and maintain the target-state architecture for internal workforce identity and help redesign customer-facing (CIAM) as appropriate.
Secure Access & Authentication: Architect secure, modern authentication protocols (SAML, OAuth2, OIDC, FIDO2) and fortify phishing-resistant MFA.
Identity Lifecycle Automation: Collaborate with IAM team to design automated provisioning, maintenance, and deprovisioning processes (SCIM) to handle high-volume user onboarding/offboarding.
Integration: Drive the integration of our privileged identity platform with brand Active Directories, Cloud and on-prem based platforms, and third-party applications such as SalesForce and Workday, as well as the architecture of an API gateway.
Governance & Compliance: Define RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) models to ensure compliance with student data privacy laws (e.g., FERPA, GDPR).
Mentorship: Act as a subject matter expert and mentor engineers on identity-first security best practices.
Job Requirements:
Experience: 7+ years in IT/Security, with at least 4+ years focusing on Identity and Access Management (IAM) architecture.
Platform Expertise: Deep hands-on experience with modern IDP & PAM solutions (e.g., Okta , Ping Identity, Microsoft Entra ID/Azure AD, CyberArk, BeyondTrust, etc.).
Technical Skills: Proficiency in directory services (LDAP, AD) and scripting languages (PowerShell, Python) for automation.
Protocol Knowledge: Exceptional understanding of TLS, SSO, Federation, SAML, OAuth2, and OIDC protocols.
Education: Bachelor's degree in Computer Science, Information Technology, or equivalent experience.
Cambiumlearning · Worldwide