Senior IAM Engineer/Architect

PURPOSE

This role is for a Senior Security Engineer with deep expertise in Identity Governance and Security, Access Management to join our cybersecurity team. This person plays a critical role in the design, development, and implementation of enterprise-wide IAM solutions. The successful candidate will be responsible for creating and maintaining scalable, secure, and user-friendly IAM capabilities across internal and customer-facing applications. This includes deep expertise in Identity Governance and Administration (IGA), Multi-Factor Authentication (MFA), cloud-based IAM, AI-driven identity solutions, and supporting secure access for both workforce and external users.

The ideal candidate will have hands-on experience in securing identity environments in complex, hybrid (on-prem and cloud) enterprise settings. Additionally, as a senior engineer this role is expected to be capable of operating without direct oversight. It requires someone with sufficient depth of experience and knowledge in IT and security to be able to perform complex engineering tasks, including tool testing, deployment, maintenance, troubleshooting and enhancements.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Define and maintain IAM architecture strategy, standards, and roadmaps.
• Architect scalable and secure IAM solutions for internal systems and customer-facing applications.
• Integrate IGA, MFA, SSO, and AI-enhanced risk-based authentication into IAM designs.
• Lead the design and implementation of IAM technologies including lifecycle management, access reviews, role-based access control (RBAC), privileged access management (PAM), and federation.
• Implement and enhance IGA platforms (e.g., SailPoint, Saviynt, or equivalent).
• Design and implement adaptive and context-aware MFA solutions.
• Design secure customer identity (CIAM) solutions that provide seamless and secure access experiences.
• Drive integration of IAM with cloud-native services across AWS, Azure, and GCP.
• Leverage AI/ML to enhance identity analytics, anomaly detection, and access decisioning.
• Ensure IAM design supports hybrid and multi-cloud environments securely and efficiently.
• Ensure compliance with regulatory requirements (e.g., GDPR, HIPAA, SOX).
• Provide security consultation on access control best practices, zero trust principles, and least privilege enforcement.
• Lead IAM risk assessments and provide architectural solutions to mitigate identity-related risks.
• Partner with product and application teams to integrate IAM capabilities into customer-facing platforms.
• Act as a subject matter expert (SME) on IAM, providing architectural guidance and technical leadership.
• Communicate IAM vision, strategy, and implementation progress to technical and non-technical stakeholders.
• Develop and maintain technical documentation, runbooks, and hardening baselines.
• Provide technical leadership and mentorship to junior engineers and cross-functional teams.
• Support incident response teams in investigations.
• Stay current with identity-related security threats, tools, techniques, and frameworks (e.g., Mimikatz, BloodHound, Kerberoasting).

SUPERVISORY RESPONSIBILITIES

This job has no supervisory responsibilities.

MINIMUM REQUIREMENTS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

• 7+ years of progressive education and/or experience in IAM.
• Demonstrated ability to design IAM solutions for both enterprise users and customers.
• Proven experience implementing and managing IGA tools (e.g., SailPoint, Saviynt, Oracle Identity Governance).
• Strong hands-on experience with MFA platforms (e.g., Duo, Okta, Ping Identity, Microsoft).
• Deep understanding of cloud identity models and services in AWS, Azure, and GCP.
• Familiarity with customer identity (CIAM), OAuth2, OpenID Connect (OIDC), SAML, and SCIM protocols.
• Familiarity with tools like PingCastle, BloodHound, ADFind, PowerSploit, Mimikatz, etc.
• Experience with Zero Trust architecture, PAM solutions (e.g., CyberArk, BeyondTrust), and identity governance platforms.
• Familiarity with DevSecOps practices and integrating IAM into CI/CD pipelines.
• Strong understanding of security frameworks such as MITRE ATT&CK, NIST 800-53, and CIS Controls.
• Excellent communication, leadership, and stakeholder engagement skills.

PREFERRED QUALIFICATIONS

• Bachelor's degree in Computer Science, Information Security, Engineering, or related field.
• Professional certifications such as CISSP, CCSP, Azure/AWS Certified Architect, or Certified Identity and Access Manager (CIAM).
• Experience designing and deploying AI-driven identity analytics or behavior-based access solutions
• Strong scripting and automation skills using PowerShell, Python, or other relevant languages.

COMPETENCIES

• Evaluates Problems: Evaluates and analyzes different types of information objectively to identify appropriate solutions; writes fluently, establishing the key facts clearly and interprets numerical data effectively.
• Technical Communication/ Presentation: Communicates with clarity and precision, presenting complex information in a concise format that is audience appropriate.
• Adjusting and Driving Change: Takes a positive approach to tackling work and embraces change; invites feedback relating to performance and deals constructively with criticism. Identifies the need for and drives change when required to achieve objectives.
• Focuses on Customers: Understands and anticipates customer needs and takes action to provide high-quality products and services to exceed expectations.
• Agile Best Practices: Understands how agility is leveraged in IT ways of working. Adopts agile best practices as appropriate throughout the assigned work lifecycle. Responds to feedback quickly based on comments of internal and external customers and needs of the market.
• Bias for Action: Takes initiative and identifies what needs to be done and acts without waiting to be asked. Executes work in a timely manner. Suggests improvements to current ways of working.

BFS COMPETENCIES

• Business and Financial Acumen
  
  
  
  • Understands KPIs and how BFS makes money.
  • Demonstrates functional and/or technical expertise.
  • Understands complex issues and demonstrates problem solving skills.
  • Understands how to maximize business results regardless of industry cycle.
  
  
  
  
• Results Driven
  
  
  
  • Holds self and others accountable.
  • Communicates and sets clear goals with plans to deliver.
  • Manages competing priorities effectively.
  • Demonstrates appropriate urgency.
  • Drives to exceed expectations in alignment with our BFS SPICE values.
  • Embraces and follows best practices.
  • Demonstrates self-starter, can-do attitude.
  
  
  
  
• Strategic Thinking and Decision Making
  
  
  
  • Leverages resources and teams around them to solve problems and create mutually beneficial outcomes.
  • Demonstrates willingness and courage to make tough decisions in a timely manner.
  • Balances short-and-long term priorities
  • Demonstrates proactive versus reactive thinking.
  • Asks questions to identify root cause and analyze situations more accurately.
  
  
  
  
• Servant Leadership
  
  
  
  • Demonstrates humility by putting others first.
  • Builds trust-based relationships.
  • Leads by example with kindness and respect.
  • Collaborates well across all areas of the business.
  • Advocates for others
  • Actively listens to understand the meaning and intent of what the other person is communicating.
  • Demonstrates authenticity and encourages others to do the same.
  
  
  
  
• Emotional Intelligence
  
  
  
  • Demonstrates situational awareness - knows when and how to adjust leadership style in different situations.
  • Demonstrates self-awareness - understands strengths and weaknesses.
  • Demonstrates empathy - puts themselves in other's shoes.
  • Assumes positive intent.
  
  
  
  
• Develops and Leads Others
  
  
  
  • Drives alignment through clear communication of vision, goals, and expectations.
  • Invests time on a regular basis in performance feedback and developmental conversations.
  • Fosters a respectful and inclusive environment.
  • Empowers, motivates, and inspires others.
  • Coaches and mentor others for their development.
  • Guides and persuades others to deliver positive outcomes.
  
  
  
  
• Growth Mindset
  
  
  
  • Demonstrates a growth mindset; takes appropriate risks, fails fast and forward, learns from mistakes.
  • Perseveres and champions growth, even in the face of resistance, ambiguity, or possible failure.
  • Thinks like an owner with an entrepreneurial spirit.
  • Demonstrates and encourages intellectual curiosity.
  • Continuous learner; seeks opportunities and knowledge for personal and professional growth.
  • Sees possibilities over problems - actively seeks solutions.
  
  
  
  
• Innovation
  
  
  
  • Encourages out-of-the box thinking to create new ways of doing things.
  • Continuously seeks to improve and simplify pain points in the business.
  • Anticipates, embraces, and leads change.
  • Develops and executes breakthrough strategies.
  
  
  
  
• Integrity
  
  
  
  • Does the right thing even under challenging circumstances?
  • Communicates with honesty.
  • Consistently treats others fairly and equitably.
  • Demonstrates reliability and does what they say they will do.
  • Conducts tough conversations and delivers difficult messages with kindness and respect.
  
  
  
  

WORK ENVIRONMENT / PHYSICAL ACTIVITY

• Subject to both typical office environment and outside locations with temperature and weather variations.
• Must be able to lift and carry up to 25 pounds.
• Occasional travel may be required.

#LI-JA1

#LI-Remote

Successful, innovative, and fulfilling careers are built here, and your professional development is a high priority. We invest in your future through the latest training, tools, and technologies. Highly collaborative, we work together to solve problems and find better ways to continually grow our business and careers every day. You'll be empowered to try new things, gain new experiences, and build a career with unlimited horizons. The scale and depth of resources that being the #1 building materials distributor in the nation provides a variety of opportunities for you to explore - all in a friendly, people-first environment. Join us to be more, do more, and build more, together at BFS.

In addition to the base wage listed, this position is also eligible to earn an annual bonus subject to changes in plan design and documents and in accordance with applicable law. Eligibility and the amount of the bonus varies based on overall company success, thresholds met and other terms and conditions of the Company's active bonus policy for the respective year.

At Builders FirstSource, we offer competitive, affordable benefits designed to make life better for you and the people you love. Our goal is simple - provide great plans that help you and your family to live happier, healthier and more secure lives. To view all our benefit offerings click here www.bldrbenefits.com.

Builders FirstSource is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status or status as an individual with a disability.

In compliance with the ADA Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with Builders FirstSource, please call (214) 765-3990 or email: ADA.Accommodation@bldr.com. Please do not send resumes to this email address - it is intended only to be used to request an accommodation in submitting an application for a job opening.