Cambium Learning Group

Principal Security Engineer Identity & Access Management

🇺🇸 Remote - US 🕑 Full-Time 💰 TBD 💻 Information Technology 🗓️ April 1st, 2026
Salesforce SaaS Python

Edtech.com's Summary

CLI Cambium Learning, Inc. is hiring a Principal Security Engineer Identity & Access Management. The role requires leading the design and architecture of secure, scalable identity lifecycle management solutions for diverse users across on-premise and SaaS platforms, ensuring compliance with data privacy laws and promoting advanced authentication standards such as SSO and passwordless methods.

Highlights
  • Architect and maintain identity and access management (IAM) strategies for internal workforce and customer-facing systems (CIAM).
  • Design secure authentication protocols including SAML, OAuth2, OIDC, FIDO2, and enhance phishing-resistant MFA.
  • Automate user provisioning, maintenance, and deprovisioning using SCIM in collaboration with the IAM team.
  • Integrate privileged identity platforms with Active Directory, cloud/on-prem platforms, and third-party apps like Salesforce and Workday, as well as API gateway architecture.
  • Define RBAC and ABAC models to ensure compliance with student data privacy regulations such as FERPA, GDPR, and COPPA.
  • Mentor engineers on identity-first security best practices and act as a subject matter expert.
  • Proficient with modern IDP and PAM solutions including Okta, Ping Identity, Microsoft Entra ID/Azure AD, CyberArk, and BeyondTrust.
  • Strong technical skills in directory services (LDAP, AD) and scripting languages such as PowerShell and Python for automation.
  • Exceptional knowledge of TLS, SSO, Federation, SAML, OAuth2, and OIDC protocols.
  • Requires minimum 7 years IT/Security experience with at least 4 years in IAM architecture and a Bachelor’s degree in Computer Science, IT, or equivalent experience.

Principal Security Engineer Identity & Access Management Full Description

Job Overview:

As the Principal Security Engineer, you will be the principal technical leader defining how users interact with our platforms. You will architect scalable solutions to manage the identity lifecycle for a diverse user base (employees, contingent workers, and customers) across our on-premise and SaaS applications. Your goal is to architect standards for a secure, frictionless experience—such as Single Sign-On (SSO), passwordless, and API authentication—while adhering to strict data privacy regulations (FERPA, GDPR, COPPA).

Job Responsibilities:

  • Identity Strategy & Architecture: Architect and maintain the target-state architecture for internal workforce identity and help redesign customer-facing (CIAM) as appropriate.
  • Secure Access & Authentication: Architect secure, modern authentication protocols (SAML, OAuth2, OIDC, FIDO2) and fortify phishing-resistant MFA.
  • Identity Lifecycle Automation: Collaborate with IAM team to design automated provisioning, maintenance, and deprovisioning processes (SCIM) to handle high-volume user onboarding/offboarding.
  • Integration: Drive the integration of our privileged identity platform with brand Active Directories, cloud and on-prem based platforms, and third-party applications such as Salesforce and Workday, as well as the architecture of an API gateway.
  • Governance & Compliance: Define RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) models to ensure compliance with student data privacy laws (e.g., FERPA, GDPR).
  • Mentorship: Act as a subject matter expert and mentor engineers on identity-first security best practices.

Job Requirements:

  • Experience: 7+ years in IT/Security, with at least 4+ years focusing on Identity and Access Management (IAM) architecture.
  • Platform Expertise: Deep hands-on experience with modern IDP & PAM solutions (e.g., Okta, Ping Identity, Microsoft Entra ID/Azure AD, CyberArk, BeyondTrust, etc.).
  • Technical Skills: Proficiency in directory services (LDAP, AD) and scripting languages (PowerShell, Python) for automation.
  • Protocol Knowledge: Exceptional understanding of TLS, SSO, Federation, SAML, OAuth2, and OIDC protocols.
  • Education: Bachelor's degree in Computer Science, Information Technology, or equivalent experience.

Preferred Qualifications:

  • Compliance: Familiarity with student data privacy regulations (FERPA, COPPA).
  • Zero Trust: Experience implementing Zero Trust architecture principles.
  • Certifications: CAIM, CAMS, CISSP, CISM, or vendor-specific certifications (e.g., Okta Certified Architect).

To learn more about our organization and the exciting work we do, visit www.cambiumlearning.com 

Remote First Work Environment 

Our Remote First approach gives employees the flexibility and trust they need to effectively balance work with life. It creates a culture in which all employees are valued and where success is measured in results. It allows us to work collaboratively, inclusively and for greater positive impact, regardless of our individual locations.

If you will be working remotely, either occasionally or on a permanent basis, you must have a reliable internet connection through a cable or fiber-optic broadband service with minimum speeds of 10 Mbps download and 5 Mbps upload.

The successful candidate will be expected to actively participate in video-based interviews during the recruiting process and ongoing virtual meetings with their camera on, as part of their role. To maintain confidentiality and ensure a fair evaluation process, the use of note-taking tools, reference materials, or AI-powered tools (including generative AI, language models, or similar technologies) during interviews or other selection activities is prohibited unless prior written approval has been obtained from the People Experience team. If you require an exception for medical, accessibility, or other reasons, please contact your Talent Acquisition team member to discuss accommodations in advance.

As part of our Remote-First benefits, Cambium offers reimbursement to help cover the cost of setting up your home or remote office.

An Equal Opportunity Employer

We are dedicated to fostering a culture that celebrates unique backgrounds, ideas, and experiences. All qualified applicants will receive consideration for employment without discrimination on the basis of race, color, age, religion, sex (including pregnancy, gender, gender identity/expression, or sexual orientation), national origin, protected veteran status, disability, or genetic information (including family medical history).

We will provide reasonable accommodations for qualified individuals with disabilities.  You may request an accommodation during the recruiting process with your Talent Acquisition team member.