Infrastructure Security Engineer Jr - IAM

Ent Credit Union and Wings Credit Union are joining forces in January 2026. This merger means more opportunities, expanded resources, and a shared commitment to delivering exceptional member service. Together, we become more - empowering members, communities, and teams through a bold, unified future. Both organizations bring a strong legacy of member satisfaction, operational excellence, financial stability, and community impact. Recognized locally and nationally as best-in-class financial institutions and employers of choice, each is known for its commitment to financial well-being and philanthropic leadership. Join us during this transformative time and be part of shaping the future of banking! To learn more about the merger, click here.

The Infrastructure Security Engineer - Identity and Access Management, Jr provides first line defense for the credit union and is responsible for operating Identity and Access Management (IAM) tools, identity lifecycle, authentication/authorization, Single-Sign On (SSO)/Multi-Factor Authentication (MFA), Role Based Access Control (RBAC)/Attribute Based Access Control (ABAC), Separation of Duties (SoD), Privileged Access Management (PAM), and periodic access reviews. Additionally, engineers and supports identity platforms such as Active Directory, Entra ID, etc., and designs and enforces security controls within these platforms. The role works cross functionally with HR, Platform, Application, Audit, and Risk teams to enforce least privilege and reduce risk, and partners with Cybersecurity on incident response and remediation.

Essential Functions

• Operations Respond to Level 1 support requests, including incidents, outages, bugs, and feature requests; monitor IAM environments and support change management across development, QA, and production. Maintain IAM policies, standards, procedures, and ensure solutions meet regulatory, audit, and internal requirements. Troubleshoot and resolve identity and access issues across enterprise systems. Configure, operate, and troubleshoot Active Directory (AD DS), cloud identity providers, and Active Directory Certificate Services (AD CS), including group policies, privileged group management, PIM, Conditional Access, MFA, passwordless technologies (e. g. , Windows Hello for Business, FIDO2), PKI certificates, and recovery from compromise scenarios. Partner with Risk & Compliance to produce audit-ready evidence and remediate findings. Coordinate with Cybersecurity Operations to respond to identity security events and support post-incident improvements with runbooks and metrics. Collaborate with platform and product teams to integrate IAM controls into CI/CD pipelines and change management processes. Execute user lifecycle operations, including onboarding, offboarding, and routine access requests. Write and maintain SOPs, runbooks, and knowledge base articles for operational consistency.
• Design & Implement Assist in implementing and optimizing RBAC and ABAC access controls. Integrate IGA platforms with HR systems (e. g. , UKG), directories (Active Directory), applications, and cloud services. Support the implementation and usage of IAM capabilities in enterprise systems, including improving authentication and authorization policies. Engineer and maintain PAM tools (e. g. , Delinea), including credential vaulting, session management, least-privilege strategies, and break-glass access processes. Integrate PAM with directories, servers, cloud platforms, and critical applications. Build and automate identity workflows, connectors, and integrations using APIs, scripting, or infrastructure-as-code tools (PowerShell, Python, IaC/PaC); document SOPs and architecture diagrams. Operate and harden security controls across identity platforms, embedding security by design in change requests and architecture reviews. Maintain secure identity configuration baselines and ensure IAM solutions meet compliance, audit, and regulatory requirements. Align identity security with the organization's overall security strategy to reduce risk.
• Research: Stay current on identity technologies, risks and threats and participate in roadmap creation through organic releases and/or from business stakeholders Research, develop, and understand authentication factors, associated risks and benefits, and the impact on user experience Research, evaluate, recommend and implement new technologies/capabilities Maintain up-to-date industry knowledge relative to Identity Security, IAM, PAM technologies and methodologies, risks and threats through courses, webinars, books, and self-study. Recommend changes to leadership based on this knowledge
• Bank Secrecy Act: Remains cognizant of and adheres to Wings policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Minimum Formal Qualifications for this Position

• Bachelor's Degree Information Technology, Information Security, or relevant field of study
• 1+ years' experience managing users, groups, roles, entitlements, and the identity lifecycle (Joiners/Movers/Leavers), including creating accounts for new users, handling transfers or promotions, and processing employee separations (Required)

Preferred Qualifications

• 1+ Years' experience working with and troubleshooting auth protocols such as OIDC, OAuth2, SAML, LDAP, Integrated Windows Authentication
• 1+ Years' experience understanding and abiding by policies that reflect system security objectives; ability to determine how a security system works (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes 

Technical or Specialized Knowledge/Skills:

• Knowledge of identity and access management concepts such as SSO, MFA, RBAC/ABAC, and least-privilege access.
• Skilled in certificate-based authentication, PKI, and multi-factor authentication technologies.
• Knowledge of IT systems, directories, or cloud platforms, including Active Directory or similar directory services.
• Ability to troubleshoot user access, authentication, or identity issues across enterprise systems.
• Knowledge of IAM/PAM platforms (e.g., Delinea, CyberArk, SailPoint, Saviynt).
• Understanding of identity protocols and standards (OIDC, OAuth, SAML, SCIM, AD FS).
• Analytical, problem-solving, and documentation skills to maintain SOPs, runbooks, and knowledge base articles.
• Skilled in communication and collaboration, working with IT, security, and application teams.
• Ability to manage multiple priorities in a fast-paced environment and quickly learn new technologies.

Certifications Required:

• Security+, SC 900/SC 300, SailPoint Identity Security Administrator (Preferred)

The pay range for this position is: $40 to $45 per Hour plus 10% target annual bonus (I14).

Final compensation for this position will be determined by various factors such as relevant work experience, specific skills and competencies, education, certifications, location and internal pay equity.


BENEFITS:
 

• Generous 401(k) match
• 401k Discretionary Profit Sharing
• Health Insurance
• Dental Insurance
• Vision Insurance
• Life Insurance
• Short Term and Long Term Disability
• Health Savings Account with company contribution
• Employee Assistance Program
• Paid Vacation, Sick, Floating Holidays and Volunteer Time Off
• Paid Holidays
• Tuition Reimbursement
• Paid Parental Leave
   

We anticipate this position to close on 4/10/2026. Please submit your application at your earliest convenience to be considered

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)