IAM Engineer Principal jobs in United States

UNFI · 14 hours ago

IAM Engineer Principal

UNFI is a North American food wholesaler. Its Principal IAM Engineer is responsible for the architecture, design, and implementation of Identity and Access Management solutions, ensuring they meet security best practices and addressing complex identity challenges across the organization.

Food and Beverage, Health Care, Hospitality, Organic Food

Responsibilities

Leads UNFI IAM architecture and design efforts to meet the platform and product team requirements while aligning to UNFI IAM and security standards, controls and governance structure
Leads design of IAM solutions such that they are resilient, highly available, fault tolerant and recoverable from disaster or ransomware
Collaborate with architecture teams, IT teams and operations teams on design, tool selection and operations for enterprise projects
Responsible for identifying, designing, and implementing IAM requirements for on-premises, SaaS, IaaS and PaaS solutions
Responsible for designing solutions adhering to zero trust principles to prevent unauthorized access to the on-premises and cloud systems
Leads design and management of identity federation, Single Sign On and Multi-Factor Authentication, including external users
Leads design and implementation of solutions and systems for Automated Identity Lifecycle Management, Identity and Access Governance and Automated Provisioning
Leads design and rollout of tools and processes to manage privileged access for humans and non-humans meeting security standards
Research and recommend new IAM solutions; execute POCs and feasibility studies to validate next-generation product concepts and technologies, using the results to guide business and technology decisions
Leads complex IAM architecture requirements analysis to convert platform, security, and business requirements into technical solutions
Apply extensive technical expertise in decision making and in the resolution of problems which are highly complex and technical in nature
Provide technical direction to less experienced members of the team
A technical subject matter expert that recommends and advises the Operations team in the resolution of outages or high priority incidents
Analyze log events and performance of IAM solutions and correct deficiencies, including recommendations to the Operations teams on alerting and monitoring
Identify security gaps in the identity platforms and create remediation plans
Act as Subject Matter Expert in the discovery and investigation of critical security vulnerabilities or incidents
Create and maintain functional / technical design specifications and solutions to satisfy project requirements
Create simple, repeatable deployment processes that increase both velocity and quality
Mentor less experienced members of the IAM team
Serve as IAM SME for the extended Infrastructure team and help develop internal knowledge

Qualification

IAM architecture design, Identity Lifecycle Management, Privileged Access Management, Cloud identity services, Cybersecurity certifications, Scripting, Automation, Active Directory, Azure AD, AWS experience, Communication skills, Problem-solving skills, Mentoring, Attention to detail

Required

Bachelor's Degree in Computer Science or a related discipline desired, or relevant IAM Engineering work experience
Industry Cybersecurity or IAM certifications such as CISSP, ISC2+, GSEC, GISF, GCIA and GISP or equivalent
Relevant product certifications such as CyberArk, SailPoint, Microsoft, AWS Certified Cloud Practitioner
10+ years' professional experience working in large scale identity environments (10,000 users minimum)
10+ years' experience as an IAM Engineer/Architect in a large complex on-premises/cloud hybrid identity environment
10+ years' experience with directory services, authentication/authorization, privileged access management, identity lifecycle management and/or cloud identity services: Active Directory, Azure AD/SSO/MFA, Azure Identity Framework, AWS cloud native, CyberArk, SailPoint IIQ, Oracle OUD, LDAP, Centrify, SiteMinder, ControlMinder/UNAB or equivalent
10+ years' experience with Azure AD leveraging Graph API, Identity Experience Framework, CSS, REST, HTML
10+ years' experience with scripting and automation tools such as PowerShell, bash, Ansible or equivalent
4+ years' experience with cloud providers AWS, GCP or Azure
2+ years' experience with source code management software for branching, merging and merge conflicts
Hands-on experience in designing Azure Conditional Access policies, Azure SSO, Azure MFA and Identity federation using AD Connect and/or ADFS
Experience supporting AWS identity federation and AWS governance
Experience securing applications with a cloud access security broker (CASB)
Experience managing an Azure B2C tenant for external users, including design and creation of Azure B2C policies, Azure forms and workflows using the Azure Identity Framework
Experience designing Active Directory Group Policies, fine-grained password policies, AD Sites, Time Service (NTP), DNS and AD replication topology, with Active Directory 2016 forest functional level or higher
Demonstrated experience with PowerShell scripting to automate Active Directory tasks
Experience with AD delegated administration tools such as Quest ARS, RMAD, GPO Admin, Enterprise Reporter
Experience applying security standards through automated processes that prevent misuse of stale accounts, compromise of passwords or escalation of permissions, for example identifying and disabling stale accounts on a schedule
Experience with SailPoint Identity IQ
Extensive understanding and experience in Java application development
Demonstrated experience with Beanshell, Linux/Unix, Windows, scripting (Bash, PowerShell, Perl), SQL, LDAP, and web services
Experience developing custom workflows for joiners, leavers and movers
Experience connecting applications to SailPoint for automated provisioning/deprovisioning and access reviews
Experience with designing and implementing Role Based Access Control using technical and business roles
Experience with the design and deployment of secure RESTful Web Services
Experience with the following web technologies (XML, SPML/SOAP, Web Services, etc.)
Experience with web application servers (Tomcat, WebSphere, WebLogic, JBOSS, etc.)
Extensive experience architecting, designing and implementing CyberArk products for a complex enterprise environment with multiple domains and platforms
Experience integrating CyberArk with various applications using out of the box and custom connectors
Experience rolling out privileged access to administrative users to maximize security and operational efficiency
Experience using CyberArk to secure remote access for vendors
Demonstrated experience with CI/CD pipelines for delivery of new software/configurations
Experience with architecting and designing for Security Constraints, Resiliency, Fault-Tolerance, and Scalability in context of hybrid network architectures
Demonstrated experience leading troubleshooting and solving issues related to identities, systems, access, accounts, authentication, authorization, entitlements, and permissions
Some proficiency with core network services like DNS, DHCP, IPAM, and NTP in a global, distributed environment
Experience with traffic and network analysis using tools such as Wireshark, Netflow, Solarwinds and TCPDump
Experience working with highly effective engineering teams through major technology transitions
Experience working in complex network environments with legacy systems
Proficient with industry security frameworks such as NIST, ISO 17799, CIS, etc.
Familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX), HIPAA, GDPR and GLBA
Knowledge of zero trust principles
Knowledge of ITIL and able to follow established processes for ITSM
Knowledge of agile or Kanban principles and practices
Some familiarity of iOS and Android ecosystems to support the credentialing of mobile devices
Knowledge of Microsoft Exchange
Knowledge of relational databases (Oracle, MSSQL, MySQL, etc)
Knowledge of enterprise systems (SAP, PeopleSoft, ServiceNow)
Able to develop solutions based on secure design and/or coding practices
Ability to be flexible, decision oriented, and motivated to support management initiatives
Ability to demonstrate a consultative approach to strategic decisions with a particular emphasis on design and delivery
Strong documentation and communication skills
Strong attention to detail
Problem investigation and diagnostic skills
Able to write and maintain clear documentation about system architecture, release and implementation plans, and develop and maintain internal documentation
Able to automate configuration and develop repeatable enterprise processes, including CI/CD
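The stale-account control and the PowerShell automation called for above look roughly like the following. This is an added illustration, not UNFI's code or tooling: it assumes the RSAT ActiveDirectory module, an account with rights to disable and move users, and illustrative values for the quarantine OU path, the service-account prefix and the thresholds. It pads the inactivity window because lastLogonTimestamp is only replicated every 9 to 14 days by default, and it never flags accounts that are merely newer than the window.

```powershell
<#
  Added example (not UNFI's code): find and disable stale Active Directory user accounts.
  Assumptions: RSAT ActiveDirectory module installed; the OU path, "svc-" prefix and
  day counts below are placeholders to adjust for the environment.
  Run with -WhatIf first; nothing is deleted, accounts are disabled and quarantined.
#>
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$StaleDays = 90,
    # lastLogonTimestamp is replicated lazily (default 9-14 days), so widen the window
    # rather than disable someone whose recent logon has not replicated yet.
    [int]$ReplicationSlackDays = 14,
    [string]$QuarantineOU = 'OU=Disabled Users,DC=corp,DC=example',   # assumption
    [string[]]$ExcludePrefixes = @('svc-')                              # assumption: service accounts
)

Import-Module ActiveDirectory

$cutoff         = (Get-Date).AddDays(-($StaleDays + $ReplicationSlackDays))
$cutoffFileTime = $cutoff.ToFileTimeUtc()   # lastLogonTimestamp is stored as a FILETIME Int64

function Test-ExcludedAccount {
    param([string]$SamAccountName, [string[]]$Prefixes)
    foreach ($p in $Prefixes) {
        if ($SamAccountName -like "$p*") { return $true }
    }
    return $false
}

# Only enabled users created before the cutoff: a new account that has not logged on
# yet is not stale, it is simply new.
$candidates = Get-ADUser -Filter { Enabled -eq $true -and whenCreated -lt $cutoff } `
                         -Properties lastLogonTimestamp, whenCreated, description |
    Where-Object {
        $neverLoggedOn = -not $_.lastLogonTimestamp
        $staleLogon    = $_.lastLogonTimestamp -and ($_.lastLogonTimestamp -lt $cutoffFileTime)
        ($neverLoggedOn -or $staleLogon) -and
        -not (Test-ExcludedAccount -SamAccountName $_.SamAccountName -Prefixes $ExcludePrefixes)
    }

$report = foreach ($u in $candidates) {
    $lastLogon = if ($u.lastLogonTimestamp) {
        [DateTime]::FromFileTimeUtc($u.lastLogonTimestamp)
    } else { $null }

    # ShouldProcess honours -WhatIf / -Confirm so the script can be dry-run safely.
    if ($PSCmdlet.ShouldProcess($u.DistinguishedName, "Disable stale account and move to $QuarantineOU")) {
        Disable-ADAccount -Identity $u
        # Record why and when it was disabled; keep the old description for the review trail.
        Set-ADUser -Identity $u -Description ("Disabled {0} as stale (last logon {1}); was: {2}" -f `
            (Get-Date -Format 'yyyy-MM-dd'), ($lastLogon ?? 'never'), $u.description)
        Move-ADObject -Identity $u -TargetPath $QuarantineOU
    }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        Created        = $u.whenCreated
        LastLogon      = $lastLogon
        Action         = if ($WhatIfPreference) { 'WouldDisable' } else { 'Disabled' }
    }
}

$report | Sort-Object LastLogon | Format-Table -AutoSize
```

Disabling and moving, rather than deleting, keeps the SID and group memberships recoverable if an owner objects during the review period; the `??` operator requires PowerShell 7, on Windows PowerShell 5.1 replace it with an `if` expression. Pair a job like this with an alert on any quarantined account being re-enabled outside the change process, since that is exactly the abuse the requirement is meant to prevent.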

Benefits

Paid Time Off
Sick Time
Paid holidays and parental leave
401K Program
Medical, dental, vision, life, and accidental death/dismemberment insurance
Short-term and long-term disability insurance program
Flexible Spending Account and/or Health Savings Account

Company

UNFI is North America’s Premier Food Wholesaler.

H1B Sponsorship

UNFI has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (6)
2024 (2)
2023 (4)
2022 (4)

Funding

Current Stage
Public Company
Total Funding
$507.1M
2024-04-25Post Ipo Debt· $500M
2014-07-15Post Ipo Equity· $7.1M
1996-11-01IPO

Leadership Team

Sandy Douglas
Chief Executive Officer
Giorgio Matteo Tarditi
President and CFO
Company data provided by crunchbase