Principal Identity Engineer

Principal Identity Engineer:

Ecolab is seeking a highly skilled Principal Identity Engineer to lead our identity management strategy in a complex hybrid environment. This role will oversee and own the architecture, implementation, and training other members around operational management of critical systems, including BeyondTrust, Microsoft Entra ID (formerly Azure AD), Active Directory (AD), internal Certificate Authority (Active Directory Certificate Services - ADCS), and external Certificate Authorities such as Sectigo.

  What’s in it For You: 

As a lead team member, you’ll influence our strategy and direction, drive project success, and help shape the future for digital growth

• Assist with identity technical solution design across Identity Access Management Platforms.
•  Lead the design and implementation of enterprise-grade Identity Management solutions, including BeyondTrust, Active Directory (AD), Entra ID, and Certificate Management.
• Develop scalable architectures for hybrid environments that integrate on-premises and cloud-based systems.
• Evolve and optimize a hybrid environment combining managed and exchange services across domains.
• Ensure seamless integration of identity solutions with existing infrastructure, including Entra ID and other third-party platforms.
• Provide technical leadership and mentorship to engineers within the team.
• Oversee and provide recommendations of identity management tools, including monitoring, troubleshooting, and performance optimization.
• Playing a key role in developing standards for the identity team in relation to implementation, maintenance, and support while additionally participating in our team’s on-call rotation.
• Optimize a hybrid environment combining managed and exchange services across domains.

What You Will Do: 

Key Responsibilities:

• Design and Implementation: Lead the design and implementation of robust identity management solutions that integrate seamlessly across on-premises and cloud environments. Ensuring a stable and secure environment that is evaluated across aligned to KPIs.
• Identity Governance: Lead lifecycle management and governance processes ensuring compliance with regulatory standards.
• Threat Detection: Integrate identity systems with SIEM for proactive threat detection and response.
• Passwordless Strategy: Drive adoption of modern authentication methods such as FIDO2 and passwordless technologies.
• Metrics: Establish KPIs for identity security posture and operational efficiency.
• BeyondTrust Integration: Lead and own the BeyondTrust platform ensuring secure access for servers, admin users, and supply chain isolated networks.
• Microsoft Entra ID & Active Directory: Design a cloud first architecture and train core members in Microsoft Entra ID for managing user identities, still ensuring alignment with AD on-premises systems.
• Certificate Management: Design and manage public key infrastructure (PKI), including both internal ADCS and external Certificate Authorities like Sectigo, to ensure secure communication channels and compliance with security standards.
• Collaborate with Security Architecture, Infrastructure and Cloud delivery teams to achieve business objectives
• Partner with Enterprise Architecture and business teams to achieve strategic outcomes for Digital Initiatives

Minimum Qualifications:

• Bachelor's degree and 10 years of relevant experience in Identity Field similar roles.
• 8 years of experience with BeyondTrust,or, Active Directory (AD) and Microsoft Entra ID (formerly Azure or external Certificate Authorities such as Sectigo, internal Certificate Authority (Active Directory Certificate Services - ADCS)
• Strong understanding of Identity principles including but not limited to SCIM, OIDC SAML, least privilege, Kerberos, certificate-based auth.
• Excellent analytical skills, with the ability to use data and data analytics tools to drive decisions.
• 3 years' experience with Agile methodologies and tools such as ADO or GitHub.
• Ability to think strategically while managing day-to-day product details.
• Strong communication, and interpersonal skills – the ability to collaborate and deliver effectively with diverse teams.
• Expert in EntraID integration and Microsoft 365 identity management solutions.
• Knowledge of scripting or automation technologies such as PowerShell, Terraform, REST, JSON for automating identity-related tasks.
• Experience performing SQL, EQL query analysis to build a case for a new process or to take action based on the data.
• Excellent problem-solving skills and attention to detail.
• Ability to adapt to changing priorities and manage multiple tasks effectively
• Immigration sponsorship and relocation are not available for this position.

Preferred Qualifications:

• Previous experience in building and architecting using infrastructure as code with terraform.
• Desire to be in a fast-moving, agile environment with willingness to adjust quickly 
• Certifications such as CISSP, CISA, or relevant Microsoft, BeyondTrust certifications in Identity & Access
• Experience architecting and designing multi-cloud identity platforms
• Project management experience
• Experience in CIAM(Customer Identity and Access Management)
• Experience in Protocols & APIs: Deep understanding of federation protocols (SAML, OAuth2.0, OIDC), SCIM, and RESTful APIs.
• Security Frameworks: Solid foundation in Zero Trust architecture and contemporary security standards.

The base salary range for this position is $153,900.00 - $230,800.00. This position is eligible for annual bonus pay based on performance, per plan terms. Many factors are taken into consideration when determining compensation, such as experience, education, training, geography, etc. We comply with all minimum wage and overtime laws.

Ecolab strives to provide comprehensive and market-competitive benefits to meet the needs of our associates and their families. Click here to see our benefits. 

If you are viewing this posting on a site other than our Ecolab Career website, view our benefits at jobs.ecolab.com/working-here.