Principal Security Engineer - IAM

About the Role

The Principal Security Engineer is the most senior technical role on the security engineering team, responsible for shaping the overall security strategy with a focus on cloud security and Identity Access Management (IAM). The position involves designing cutting‑edge solutions and leading the organization’s response to its most complex security challenges. Key responsibilities include defining and leading the implementation of a cloud‑centric security and IAM strategy, architecting and deploying IAM solutions across on‑premise, Azure, AWS, GCP and SaaS platforms, and conducting advanced security assessments such as threat modeling, red‑team exercises, and cloud reviews. The engineer will act as technical lead for large‑scale projects, collaborate with executive leadership, and design workforce, privileged and customer IAM ecosystems that incorporate password‑less authentication, adaptive MFA and AI‑driven access orchestration. Additional duties involve automating provisioning workflows, integrating Agentic AI tools for policy enforcement, and mentoring senior security engineers. • Define and drive the organization’s cloud security and IAM strategy. • Architect and deploy IAM solutions across on‑premise, Azure, AWS, GCP and SaaS environments. • Lead advanced security assessments such as threat modeling, red‑team exercises, and cloud reviews. • Act as technical lead for large‑scale security projects and coordinate cross‑functional teams. • Design workforce, privileged, and customer IAM ecosystems with passwordless and AI‑driven access orchestration. • Develop automated provisioning/de‑provisioning workflows and integrate Agentic AI tools for policy enforcement. • Mentor senior security engineers and foster continuous innovation.

Key Responsibilities

• ▸cloud security
• ▸iam architecture
• ▸threat modeling
• ▸red-team
• ▸automation workflows
• ▸ai enforcement

What You Bring

Candidates must hold a bachelor’s degree in Computer Science, Cybersecurity or a related field (master’s preferred) and have at least ten years of security engineering experience with deep expertise in IAM. Required technical skills include hands‑on work with identity providers (Microsoft Entra ID, Okta, Ping), IGA solutions (SailPoint, Saviynt), PAM tools (CyberArk, Delinea, HashiCorp Vault), and customer IAM platforms (Auth0, PingOne), as well as mastery of federation protocols (SAML, OAuth2.0, OIDC), SCIM, REST APIs, Active Directory/LDAP and cloud IAM services. Proficiency in scripting or automation (PowerShell, Python, Java or REST APIs) and certifications such as CISSP, CCSP or AWS Security Specialty are expected, along with strong leadership and communication abilities. • Minimum 10 years of security engineering experience with deep IAM expertise. • Hands‑on experience with IdPs (Entra ID, Okta, Ping), IGA (SailPoint, Saviynt), PAM (CyberArk, Delinea, Vault) and customer IAM (Auth0, PingOne). • Proficient in SAML, OAuth2.0, OIDC, SCIM, REST APIs, Active Directory/LDAP and cloud IAM services. • Strong scripting/automation skills in PowerShell, Python, Java or REST APIs. • Relevant certifications such as CISSP, CCSP, AWS Certified Security – Specialty.

Requirements

• ▸iam
• ▸okta
• ▸sailpoint
• ▸cyberark
• ▸saml
• ▸cissp

Benefits

The role is primarily sedentary but requires the ability to lift up to 25 lb and perform basic office movements. Lennar offers a comprehensive benefits package that includes medical, dental and vision coverage, a 401(k) plan with a 1‑for‑1 match up to 5 %, paid parental leave, up to $30 k adoption assistance, three weeks of vacation, generous holiday and sick leave, a new‑hire referral bonus, home‑purchase discounts and an “Everyone’s Included” day. The company is committed to an inclusive culture, employee development and equal employment opportunity. • Offer comprehensive health, dental, vision plans; 401(k) match up to 5 %; paid parental leave; adoption assistance up to $30 k; up to 3 weeks vacation and generous PTO; home‑purchase discounts and referral bonuses.

Work Environment

Office Full-Time