Northwestern Mutual
3 days ago – be among the first 25 applicants
What's the role? The Principal IAM Engineer is the senior technical authority for identity services, responsible for designing, implementing, and governing enterprise‑wide IAM capabilities across workforce, partner, and customer identities. This role combines deep hands‑on engineering with architecture and leadership, driving the modernization of authentication, authorization, identity lifecycle, and privileged access controls across our cloud and on‑prem environments.
Key Responsibilities
Own the end‑to‑end technical design of IAM services, including identity lifecycle management, authentication, authorization, SSO, and privileged access controls, ensuring they are secure, scalable, and highly available.
Lead design and implementation of IAM integrations for SaaS, on‑prem, and AWS cloud platforms, including federation (SAML, OIDC, OAuth), MFA, and Passwordless capabilities.
Serve as the primary escalation point for complex IAM engineering issues; perform root‑cause analysis and drive long‑term remediation and hardening of IAM platforms and related services.
Partner with security architecture, infrastructure, application, and HR/IT teams to align IAM solutions with enterprise security strategy, compliance obligations, and business objectives.
Define IAM engineering standards, patterns, and reference architectures; guide other engineers in implementing secure onboarding patterns for applications into IGA, PAM, and SSO platforms.
Lead modernization initiatives.
Contribute to audits, risk assessments, and regulatory reviews by providing technical evidence, designing compensating controls, and closing identified IAM control gaps.
Mentor and coach IAM engineers and analysts, promoting engineering excellence, documentation discipline, and a culture of continuous learning and improvement.
Qualifications
10+ years of experience in information security or infrastructure engineering, with at least 5 years of hands‑on‑keyboard experience with core IAM platforms.
Deep expertise with the majority of our IAM stack.
Strong hands‑on experience with Microsoft Entra ID and Active Directory as foundational directory services, and extensive experience implementing federation protocols (SAML, OIDC, OAuth2).
Proven track record designing and implementing IAM solutions in hybrid multi‑cloud environments, including the automation of provisioning, access reviews, and RBAC/ABAC models.
Experience with secrets management solutions.
Proficiency in at least one scripting or programming language (such as PowerShell, Python, or Java) to automate tasks and build custom connectors for our IAM tools.
Excellent communication skills with the ability to translate complex technical concepts related to our IAM ecosystem for both technical and non‑technical stakeholders.
Exceptional sense of ownership and the ability to work with a limited set of requirements.
Highly advanced ability to breakdown work to deliver value incrementally.
Experience leading large‑scale IAM programs.
Prior responsibility as a technical lead or architect for IAM, including mentoring teams and influencing roadmaps beyond direct reporting lines.
Demonstrated ability to balance security, usability, and operational efficiency, with a strong bias toward automation and measurable risk reduction.
Compensation Range Pay Range - Start:
$135,800.00
Pay Range - End:
$252,200.00
We believe in fairness and transparency. Final salaries are based on a number of factors, including the skills and experience of the candidate, the current market, location of the candidate, and other factors uncovered in the hiring process.
For hire locations in California, New York City, or other eligible locations, geographic specific pay structures, compensation and benefits could be applicable.
Northwestern Mutual is an equal opportunity employer who welcomes and encourages diversity in the workforce. We are committed to creating and maintaining an environment in which each employee can contribute creative ideas, seek challenges, assume leadership and continue to focus on meeting and exceeding business and personal objectives.
Skills Talent Development & Planning – Beginner, Learning Agility & Critical Thinking – Expert, Cross Functional Partnering & Planning – Expert, Business Automation – Expert, Accountability – Beginner, Customer Centricity – Expert, Access Management Tools & Technologies – Expert, Cloud Deployment Models – Expert, Identity Protocols – Expert, Security Practices – Expert, Continuous Improvement – Expert, Analytical Thinking – Expert, Technical Problem Solving – Expert, Compliance – Expert, DevSecOps – Advanced, Strategic Vision & Planning – Intermediate, Stakeholder Relationship – Expert, Strategic Thinking – Expert, Adaptive Communication – Expert, Business Influence – Beginner, Identity & Access Management Industry Standards – Expert
Benefits
Flexible work schedules
Concierge service
Comprehensive benefits
Employee resource groups
#J-18808-Ljbffr
What's the role? The Principal IAM Engineer is the senior technical authority for identity services, responsible for designing, implementing, and governing enterprise‑wide IAM capabilities across workforce, partner, and customer identities. This role combines deep hands‑on engineering with architecture and leadership, driving the modernization of authentication, authorization, identity lifecycle, and privileged access controls across our cloud and on‑prem environments.
Key Responsibilities
Own the end‑to‑end technical design of IAM services, including identity lifecycle management, authentication, authorization, SSO, and privileged access controls, ensuring they are secure, scalable, and highly available.
Lead design and implementation of IAM integrations for SaaS, on‑prem, and AWS cloud platforms, including federation (SAML, OIDC, OAuth), MFA, and Passwordless capabilities.
Serve as the primary escalation point for complex IAM engineering issues; perform root‑cause analysis and drive long‑term remediation and hardening of IAM platforms and related services.
Partner with security architecture, infrastructure, application, and HR/IT teams to align IAM solutions with enterprise security strategy, compliance obligations, and business objectives.
Define IAM engineering standards, patterns, and reference architectures; guide other engineers in implementing secure onboarding patterns for applications into IGA, PAM, and SSO platforms.
Lead modernization initiatives.
Contribute to audits, risk assessments, and regulatory reviews by providing technical evidence, designing compensating controls, and closing identified IAM control gaps.
Mentor and coach IAM engineers and analysts, promoting engineering excellence, documentation discipline, and a culture of continuous learning and improvement.
Qualifications
10+ years of experience in information security or infrastructure engineering, with at least 5 years of hands‑on‑keyboard experience with core IAM platforms.
Deep expertise with the majority of our IAM stack.
Strong hands‑on experience with Microsoft Entra ID and Active Directory as foundational directory services, and extensive experience implementing federation protocols (SAML, OIDC, OAuth2).
Proven track record designing and implementing IAM solutions in hybrid multi‑cloud environments, including the automation of provisioning, access reviews, and RBAC/ABAC models.
Experience with secrets management solutions.
Proficiency in at least one scripting or programming language (such as PowerShell, Python, or Java) to automate tasks and build custom connectors for our IAM tools.
Excellent communication skills with the ability to translate complex technical concepts related to our IAM ecosystem for both technical and non‑technical stakeholders.
Exceptional sense of ownership and the ability to work with a limited set of requirements.
Highly advanced ability to breakdown work to deliver value incrementally.
Experience leading large‑scale IAM programs.
Prior responsibility as a technical lead or architect for IAM, including mentoring teams and influencing roadmaps beyond direct reporting lines.
Demonstrated ability to balance security, usability, and operational efficiency, with a strong bias toward automation and measurable risk reduction.
Compensation Range Pay Range - Start:
$135,800.00
Pay Range - End:
$252,200.00
We believe in fairness and transparency. Final salaries are based on a number of factors, including the skills and experience of the candidate, the current market, location of the candidate, and other factors uncovered in the hiring process.
For hire locations in California, New York City, or other eligible locations, geographic specific pay structures, compensation and benefits could be applicable.
Northwestern Mutual is an equal opportunity employer who welcomes and encourages diversity in the workforce. We are committed to creating and maintaining an environment in which each employee can contribute creative ideas, seek challenges, assume leadership and continue to focus on meeting and exceeding business and personal objectives.
Skills Talent Development & Planning – Beginner, Learning Agility & Critical Thinking – Expert, Cross Functional Partnering & Planning – Expert, Business Automation – Expert, Accountability – Beginner, Customer Centricity – Expert, Access Management Tools & Technologies – Expert, Cloud Deployment Models – Expert, Identity Protocols – Expert, Security Practices – Expert, Continuous Improvement – Expert, Analytical Thinking – Expert, Technical Problem Solving – Expert, Compliance – Expert, DevSecOps – Advanced, Strategic Vision & Planning – Intermediate, Stakeholder Relationship – Expert, Strategic Thinking – Expert, Adaptive Communication – Expert, Business Influence – Beginner, Identity & Access Management Industry Standards – Expert
Benefits
Flexible work schedules
Concierge service
Comprehensive benefits
Employee resource groups
#J-18808-Ljbffr