Principal IAM Engineer Jobs (NOW HIRING)

Principal IAM/AD Engineer

Natick, MA · On-site

$144K - $231K/yr

Govern non-human and workload identities, including service principals, managed identities ... Mature DevOps and SecDevOps practices around IAM platform management, including source control ...

Principal Cloud IAM Engineer

Reston, VA · On-site

$58 - $77.50/hr

As a Principal IAM Engineer here, you'll architect bold solutions, challenge assumptions, and drive decisions that protect Workday at its core. If you're energized by hard problems at the ...

Principal Software Engineer-IAM

Coppell, TX · On-site

$124K - $167K/yr

Principal Software Engineer-IAM Duration: 6+ Months Contract to Hire Location: Coppell-HYBRID 3 days Position Summary: The Principal Software Engineer is responsible for identification and ...

Principal Security Engineer - IAM THIS ROLE WILL BE ONSITE IN OUR IRVING, TX. OR MIAMI, FL. OFFICES We are Lennar Lennar is one of the nation's leading homebuilders, dedicated to making an impact and ...

Principal IAM Engineer information

How much do Principal IAM Engineer jobs pay per year?

As of Jun 12, 2026, the average yearly pay for a Principal IAM Engineer in the United States is $147,220.00, according to ZipRecruiter salary data. Most workers in this role earn between $118,500.00 and $173,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Principal IAM Engineer, and why are they important?

To thrive as a Principal IAM Engineer, you need deep expertise in identity and access management concepts, security protocols, and a solid background in computer science or related fields, often supported by certifications like CISSP or Azure/AWS IAM credentials. Familiarity with IAM platforms (such as Okta, SailPoint, or Azure AD), scripting languages, and security frameworks is typically required. Outstanding problem-solving, leadership, and communication skills help drive complex projects and collaborate across technical teams. These skills ensure robust access controls, compliance, and security in protecting organizational assets.

How does a Principal IAM Engineer typically collaborate with other teams within an organization?

A Principal IAM Engineer often works closely with cross-functional teams such as IT security, network operations, compliance, and application development to ensure secure and efficient identity and access management solutions. Collaboration may involve designing and implementing access controls, conducting security assessments, and integrating IAM tools with existing systems. Effective communication and project management skills are crucial, as the role frequently requires leading initiatives, providing technical guidance, and aligning security strategies with business objectives.

What is a Principal IAM Engineer?

A Principal IAM (Identity and Access Management) Engineer is a senior-level professional responsible for designing, implementing, and managing systems that control user access to an organization's resources. They play a critical role in ensuring security by developing and maintaining identity management solutions, authentication protocols, and access controls. Principal IAM Engineers also oversee compliance with security policies, mentor junior team members, and often lead strategic projects to enhance organizational security. Their expertise helps protect sensitive information and supports regulatory requirements within the company.
Infographic showing various Principal IAM Engineer job openings in the United States as of June 2026, with employment types broken down into 67% Full Time and 33% Contract. Highlights a 67% In-person and 33% Hybrid job distribution, with an average salary of $147,220 per year, or $70.8 per hour.

Principal IAM/AD Engineer

The Mathworks

Natick, MA • On-site

$144K - $231K/yr

Full-time

Posted 22 days ago

Job description

Job Summary
MathWorks has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in-person time with colleagues and flexible at-home life optimizations. Learn More: https://www.mathworks.com/company/jobs/resources/applying-and-interviewing.html#onboarding.
Do you enjoy building secure, scalable identity platforms and using automation to improve how identity services are delivered and managed? Join our Identity and Access Management team responsible for enterprise identity foundations across on-premises Active Directory, Microsoft Entra ID, hybrid identity, privileged access, and workload identities. We partner closely with Security Engineering, IT, Cloud, Compliance, SOC/XDR, and AI Governance teams to deliver hardened directory services, modern authentication, non-human identity governance, ITDR capabilities, and Zero Trust controls that enable the business.
MathWorks nurtures growth, appreciates inclusivity, encourages initiative, values teamwork, shares success, and rewards excellence.
Responsibilities
  • Operate, secure, and mature on-premises Active Directory, including domain controller lifecycle management, replication, sites/subnets, SYSVOL/GPO health, delegation models, privileged access boundaries, recovery readiness, patch compliance validation, and security baselines.
  • Design, implement, and manage Microsoft Entra ID capabilities, including Conditional Access, Identity Protection, PIM, enterprise applications, app registrations, service principals, managed identities, authentication controls, and authorization policies.
  • Govern non-human and workload identities, including service principals, managed identities, automation accounts, machine identities, certificates, secrets, federated credentials, and application permissions.
  • Monitor, troubleshoot, and optimize hybrid identity flows, including Azure AD Connect or Cloud Sync, provisioning, authentication, authorization, SailPoint-integrated lifecycle processes, and identity data dependencies.
  • Partner with SOC/XDR, Security Engineering, and Incident Response teams to strengthen identity threat detection and response across Active Directory, Entra ID, privileged accounts, application identities, and workload identities.
  • Harden AD and Entra ID through secure baselines, admin tiering, privileged access controls, secure delegation, workload identity controls, and proactive identity threat detection and response.
  • Automate identity operations using PowerShell, Python, Microsoft Graph, Entra APIs, Git workflows, CI/CD pipelines, and configuration-as-code or policy-as-code practices.
  • Mature DevOps and SecDevOps practices around IAM platform management, including source control, peer review, automated validation, drift detection, secure deployment workflows, logging, secrets handling, and rollback planning.
  • Help define and operationalize IAM patterns for AI-enabled systems and agentic workflows, including identity ownership, access boundaries, auditability, and lifecycle governance.
  • Lead complex troubleshooting and incident response for identity-related issues, including Kerberos/NTLM, LDAP/LDAPS, replication, Conditional Access failures, service principal risk, workload identity incidents, and suspicious sign-in activity.
  • Produce runbooks, standards, design patterns, change records, and operational procedures; mentor team members and collaborate with stakeholders to align IAM operations with business needs.

Minimum Qualifications
  • A bachelor's degree and 10 years of professional work experience (or equivalent experience) are required.
  • Mastery of Active Directory.

Additional Qualifications
A successful candidate for this role will have a combination of some or all the following skills/experience:
  • 7+ years in enterprise Active Directory operations and hardening, including DC lifecycle management, sites/services, replication, GPO, delegation, BCDR, and observability.
  • 7+ years of experience with Microsoft Entra ID capabilities such as Conditional Access, MFA, Identity Protection, PIM, enterprise applications, app registrations, service principals, managed identities, and access reviews.
  • Experience operating Azure AD Connect or Cloud Sync in hybrid identity environments.
  • Experience governing workload and non-human identities, including service principals, managed identities, certificates, secrets, automation accounts, CI/CD identities, and federated credentials.
  • Experience reviewing application permissions and consent models, including delegated permissions, application permissions, admin consent, Graph API permissions, and least privilege access.
  • Identity Governance and Administration experience, preferably with SailPoint, including provisioning, entitlement models, access certifications, role modeling, and joiner/mover/leaver processes.
  • Experience with IAM automation and engineering practices, including scripting, API integration, configuration-as-code, and CI/CD pipelines using Git-based workflows.
  • Experience with privileged access models, administrative tiering, PAWs, break-glass accounts, just-in-time access, and privileged workflow controls.
  • Experience supporting identity threat detection and response, including AD attack patterns, token abuse, risky sign-ins, suspicious service principal activity, and workload identity risk.
  • Familiarity with AI-enabled identity patterns, including AI agents, Copilot-style integrations, plugins, connectors, agentic workflows, and API permission governance.
  • SSO/Federation experience with SAML, OIDC, OAuth, SCIM provisioning, certificate-based authentication, and token-based access patterns.
  • AD security experience with trusts, LDAP/LDAPS, LDAP signing/channel binding, constrained delegation, Kerberos, NTLM, GPO hardening, and privileged groups.
  • PKI and certificate experience, including AD CS, CRL/OCSP, auto-enrollment, renewal automation, workload certificates, and service principal credentials.
  • Backup/recovery experience, including authoritative restore, forest recovery planning, recovery drills, and operational readiness exercises.
  • Compliance familiarity with CMMC, NIST CSF, NIST 800-53, NIST 800-171, ISO 27001.