What We Do

We are open to remote or hybrid candidates for this role.
As a Principal Identity Engineer, you will own the technical strategy, architecture, and engineering execution for enterprise Identity and Access Management (IAM) across First American’s cloud and hybrid environments. This role is central to strengthening our security posture by delivering secure, scalable identity capabilities across our cloud environments (Azure AD/AWS/GCP).
You will lead workforce IAM, partner/federation (B2B), and customer identity (CIAM) architecture where applicable; establish Zero Trust identity controls; and set enterprise standards for IAM-as-code using Terraform + GitHub with automation in Python/Bash/JSON. This is a hands-on principal role requiring deep technical expertise, cross-org influence, and the ability to build repeatable platforms and guardrails teams can safely self-serve.
Own the enterprise IAM strategy and target-state architecture across Microsoft Entra, AWS, and Google Cloud (OCI a plus). Define secure, scalable identity patterns for workforce, partner, and customer access that align with security, risk, and compliance requirements.
Design and operationalize a Zero Trust identity model with continuous verification, risk-based access, and adaptive authentication. Reduce standing privilege through least privilege design, just-in-time (JIT) access, and standardized entitlement models.
Hands-on design and delivery of IAM capabilities including SSO, MFA, identity lifecycle, federation, and privileged access across cloud and hybrid environments. Lead modernization efforts, including migration from hybrid Active Directory to Entra ID-based authentication.
Design and evolve customer identity (CIAM) solutions supporting web, mobile, and API platforms. Balance security, privacy, performance, and customer experience while enabling scalable enterprise integrations.
Establish IAM governance frameworks covering access lifecycle, RBAC/ABAC models, access reviews, and audit evidence. Define measurable controls, documentation standards, and recurring review processes to ensure audit readiness.
Define and lead an enterprise IAM-as-Code program using Terraform and GitHub. Build reusable, versioned modules and establish PR-based workflows with auditability, approvals, and security guardrails.
Engineer secure CI/CD pipelines for IAM deployments, including validation, testing, approvals, drift detection, and rollback strategies. Ensure reliable, auditable identity changes with operational monitoring and clear runbooks.
Develop automation in Python, Bash, and JSON to scale identity operations and reduce manual risk. Support policy management, bulk changes, integrations, and identity-related incident response and diagnostics.
Advanced expertise across Microsoft Entra ID, AWS IAM, and Google Cloud IAM, with OCI experience a plus.
Hands-on experience with least privilege design, JIT access, Zero Trust identity, and RBAC/ABAC models.
Strong scripting and automation skills in Python, Bash, and JSON, including CI/CD and guardrail design.
Pay Range: $170,900.00 - $227,900.00 Annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.
What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First culture is inclusive for all employees - not just because it's the right thing to do, but because it's the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.