• Design, implement, and improve security controls across cloud, endpoint, and application environments • Evaluate and integrate security tools and technologies to improve coverage and effectiveness • Identify gaps in existing controls and drive remediation • Own control effectiveness and continuously improve based on real-world outcomes • Own and improve detection logic across key security systems in partnership with Security Operations • Co-own detection signal quality with Security Operations, continuously refining signal, reducing noise, and eliminating blind spots • Design and maintain security telemetry pipelines, including log ingestion, normalization, and data quality • Improve logging and visibility across systems to enable effective detection and response • Partner with engineering teams to integrate security into the software development lifecycle • Define and implement security requirements for applications, infrastructure, and CI/CD pipelines • Support secure design and architecture decisions through practical implementation • Build automation and integrations to improve the scalability and efficiency of security operations • Leverage scripting and APIs to reduce manual work and improve consistency • Develop systems that enrich, correlate, and operationalize security data • Use insights from incidents, vulnerabilities, and operational metrics to improve security systems and controls • Contribute to evolving security standards, engineering practices, and technical direction

OVERVIEW The Company U.S. Financial Technology (U.S. FinTech) is seeking an experienced Senior Identity and Access Management (IAM) Engineer to join our team of talented professionals. This is a full-time remote opportunity. U.S. FinTech built and operates the largest and most advanced mortgage securitization platform in the world, supporting the Uniform Mortgage-Backed Security (UMBS) of Fannie Mae and Freddie Mac. Supporting 70% of the mortgage-backed securities in the market, U.S. FinTech provides best-in-class single-family issuance, bond administration, disclosure, and tax services. We support a broad portfolio of products for our clients with full lifecycle management. Our market-leading, cloud-based, end-to-end platform executes transactions on an extraordinary scale which has bolstered liquidity in the secondary mortgage market, one of the largest and most important financial markets in the world. Our unique approach to securitization combines the best minds in financial services with the know-how, flexibility, and innovation of leading technologists. RESPONSIBILITIES Job Information We are looking for a Senior Identity and Access Management (IAM) Engineer to help the Identity and Access Management program at U.S. FinTech's automate and align with new technology and new business goals. The primary area of responsibility will be supporting the U.S. FinTech Identity and Access Management program, both in the cloud and at several remote locations by developing automation for executing controls and leading efforts to improve them. The individual will ensure identity and access management controls in U.S. FinTech are effective in their operation and will identify and automate control improvements that reduce risks and increase efficiency. The ideal candidate should be detail oriented, thorough in executing IAM operational processes across a multitude of systems including MS Active Directory Domain Services, Azure AD, Office 365, AWS IAM, SailPoint Identity Cloud, and other AWS resources and SaaS applications. The selected individual will have demonstrated the ability to collaborate with a variety of teams in all areas of an organization in order to achieve objectives. The individual will be responsible for accurately documenting and maintaining operational and business continuity procedures. Key Job Functions - Oversee the management of AWS IAM solutions while partnering with Cloud Enterprise Infrastructure team. - Develop and drive automation of SailPoint Identity Cloud key functions: - Certification Campaigns - SOD - Provisioning/Deprovisioning - Workflows - Access Intelligence Center (AIC) - SaaS Source Mapping - API integration of 3rd party data sources - Responsible for developing and facilitation for automation and execution of access reviews and recertification for all resources, responses to user transfer and lifecycle events. - Ensure the adherence to Information Security controls and processes for our daily control compliance as well as baseline controls for control compliance. - Gather evidence in support of auditing by internal and external audit bodies. - Responsible for maintaining and development of IAM process documentation and workflows. - Contribute to the operational discussions with the team. - Participate and assist to deliver IAM-related projects, coordinating with other departments. - Oversee the onboarding of select SaaS Offering into the IAM Security Controls Framework. - Cross Departmental Collaboration - Work with other departments to integrate IAM solutions. - Training and Development - Conduct training sessions for Level II and III analysts. QUALIFICATIONS Education - Bachelor's degree or equivalent experience in an IT related field. Minimum Experience - Minimum of 6 years’ experience in Identity and Access Lifecycle Management Operations and Controls. - Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. U.S. FinTech does not offer H-1B sponsorship for this position. Specialized Knowledge & Skills - Experience in Cloud Identity Management with a strong understanding of AWS IAM to include policies, roles, user management, and security best practices. - Direct experience with MS PowerShell, JSON, SailPoint Identity Cloud API, Workflows and SOD is necessary. - Working experience with Privileged Access Management tools, specifically TSS (Thycotic Secret Server). - Experience leading group implementation and mentoring junior analysts through the process. - Experience using IAM tools and scripting for automation. - Candidate should have experience with MS Graph API, SCIM, and Azure Logic Apps. - Candidate should have a working knowledge of common OS and domain structures, servers, services, and their use of directory services. - Experience with DR/BCP planning for IAM services desired. - Candidate should have experience with Windows, Linux, Red Hat, etc. hosts, operating systems and applications. - Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives. - Ability to handle multiple priorities – projects, deliverables, and stakeholders. - Strong ability to influence and mentor peers and management; ability to cross-functionally form relationships to achieve objectives. - Demonstrates an ability to think critically, contribute thought to a broader vision, and share ideas. - Willingness to learn new technology, tools and create new processes to meet control objectives. - CISSP, CISA, Microsoft, AWS certifications or equivalent designation highly desired. - Hands on experience with Oracle and SQL Server is a plus. - Experience using IGA/IAM and PIM tools is a plus. - Experience with operating controls aligned with ISO 27001/2, FISMA or National Institute of Standards and Technology (NIST) 800-53 Rev5 guidelines is preferred. Pay Range $123,500 to $142,000 U.S. FinTech's pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) a candidate’s qualifications, skills, competencies, and experience, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law. U.S. FinTech offers a competitive total compensation package, which includes a performance bonus, 401k match, healthcare coverage, PTO, and a broad range of other benefits. Employment As a condition of employment with U.S. Financial Technology, any successful job applicant will be required to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business. U.S. Financial Technology is an Equal Opportunity Employer. ##LI-Remote

Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce. Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally. About the opportunity We are seeking a Security Engineer Prin with strong expertise in Identity and Access Management (IAM) to support and secure a FedRAMP ATO–authorized environment. The ideal candidate has hands-on experience designing, implementing, and operating Privileged Access Management (PAM) and Identity Governance & Administration (IGA) solutions while ensuring compliance with NIST 800-53 Moderate controls. This role requires deep technical skills in Delinea PAM, One Identity IGA, Microsoft Entra ID, Azure Automation and automation using PowerShell, calling API’s and modern scripting languages to support secure, scalable, and compliant cloud environments. What you'll get to do Identity & Access Management - Design, implement, and maintain Delinea PAM solutions for privileged account discovery, credential vaulting, session management, and just-in-time access. - Implement and support One Identity IGA for identity lifecycle management, access requests, approvals, certifications, and role-based access control. - Design, develop, and maintain API integrations between IAM platforms (Delinea PAM, One Identity IGA, Microsoft Entra ID) and non-identity systems, including ServiceNow, SIEM/SOAR platforms, and other enterprise applications. - Manage and secure identities in Microsoft Entra ID (Azure AD), including: - Conditional Access policies - MFA and passwordless authentication - Privileged Identity Management (PIM) - External and workforce identities Security Engineering & Automation - Develop and maintain PowerShell automation for IAM, PAM, and compliance workflows. - Create scripts and tools using Python, Bash, or other modern languages to integrate security platforms and automate controls. - Integrate IAM solutions with cloud platforms, SaaS applications, and on-prem systems. - Support secure API integrations and identity federation (SAML, OAuth 2.0, OIDC). - Automate identity lifecycle, access requests, approvals, provisioning, and deprovisioning workflows using REST APIs, webhooks, and scripted integrations. FedRAMP & Compliance - Implement and operate security controls aligned with NIST 800-53 Moderate. - Support FedRAMP ATO audits, assessments, and continuous monitoring activities. - Produce and maintain technical documentation, SOPs, and evidence artifacts. - Participate in vulnerability remediation, access reviews, and incident response related to identity security. - Ability to obtain and maintain Public Trust clearance Skills and experience we value - 5+ years engineering experience with IAM capabilities / technologies such as IGA, PAM, and IAM - Familiarity with Proofpoint email security platforms, including identity-based threat protection and user risk signals. - Experience implementing and managing FIDO2 / hardware security keys (e.g.,YubiKeys) for phishing-resistant authentication. - Expert knowledge and hands-on technical experience with MS Entra,Onprem Delinea PAM, IAM, and One Identity IGA solutions - Expert knowledge and hands-on technical experience with automation calling API’s - Expert knowledge of SSO, MFA, RBAC, MS Entra PIM - Highly proficient in automation scripting languages such as PowerShell - Superior communication skills (written and verbal) with an ability to articulate complex topics in a business understandable manner at all levels in an enterprise - Ability to prioritize workload and consistently meet deadlines in a fast-paced environment - Certifications such as CISSP, Cloud Security (CCSP, CCSK, AZ-305, AZ-500) are highly desirable - Bachelor’s degree is a plus What’s in it for you Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We encourage individuals to apply based on their passions. Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits. With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself. About the Salary Ranges Please note that the salary range mentioned in this job description should serve simply as a guide. The final compensation offered may vary based on a variety of factors, including bonuses and/or incentives, or a candidate’s experience, skills, budget and location. Our company is committed to providing a fair, equitable, and competitive package that reflects the value an individual brings to the organization. Fraudulent Recruiting Beware of fraudulent recruiting. Legitimate Dayforce contacts will use an @dayforce.com email address. We do not request money, checks, equipment orders, or sensitive personal data during the recruitment process. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Dayforce employee, please refer to our fraudulent recruiting statement found here: https://www.dayforce.com/be-aware-of-recruiting-fraud Dayforce actively monitors all job applications to ensure authenticity. Submissions determined to be fraudulent or misleading will be declined from the recruitment process #LI-Remote

Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce. Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally. About the opportunity We are seeking a Security Engineer Prin with strong expertise in Identity and Access Management (IAM) to support and secure a FedRAMP ATO–authorized environment. The ideal candidate has hands-on experience designing, implementing, and operating Privileged Access Management (PAM) and Identity Governance & Administration (IGA) solutions while ensuring compliance with NIST 800-53 Moderate controls. This role requires deep technical skills in Delinea PAM, One Identity IGA, Microsoft Entra ID, Azure Automation and automation using PowerShell, calling API’s and modern scripting languages to support secure, scalable, and compliant cloud environments. What you'll get to do Identity & Access Management - Design, implement, and maintain Delinea PAM solutions for privileged account discovery, credential vaulting, session management, and just-in-time access. - Implement and support One Identity IGA for identity lifecycle management, access requests, approvals, certifications, and role-based access control. - Design, develop, and maintain API integrations between IAM platforms (Delinea PAM, One Identity IGA, Microsoft Entra ID) and non-identity systems, including ServiceNow, SIEM/SOAR platforms, and other enterprise applications. - Manage and secure identities in Microsoft Entra ID (Azure AD), including: - Conditional Access policies - MFA and passwordless authentication - Privileged Identity Management (PIM) - External and workforce identities Security Engineering & Automation - Develop and maintain PowerShell automation for IAM, PAM, and compliance workflows. - Create scripts and tools using Python, Bash, or other modern languages to integrate security platforms and automate controls. - Integrate IAM solutions with cloud platforms, SaaS applications, and on-prem systems. - Support secure API integrations and identity federation (SAML, OAuth 2.0, OIDC). - Automate identity lifecycle, access requests, approvals, provisioning, and deprovisioning workflows using REST APIs, webhooks, and scripted integrations. FedRAMP & Compliance - Implement and operate security controls aligned with NIST 800-53 Moderate. - Support FedRAMP ATO audits, assessments, and continuous monitoring activities. - Produce and maintain technical documentation, SOPs, and evidence artifacts. - Participate in vulnerability remediation, access reviews, and incident response related to identity security. - Ability to obtain and maintain Public Trust clearance Skills and experience we value - 5+ years engineering experience with IAM capabilities / technologies such as IGA, PAM, and IAM - Familiarity with Proofpoint email security platforms, including identity-based threat protection and user risk signals. - Experience implementing and managing FIDO2 / hardware security keys (e.g.,YubiKeys) for phishing-resistant authentication. - Expert knowledge and hands-on technical experience with MS Entra,Onprem Delinea PAM, IAM, and One Identity IGA solutions - Expert knowledge and hands-on technical experience with automation calling API’s - Expert knowledge of SSO, MFA, RBAC, MS Entra PIM - Highly proficient in automation scripting languages such as PowerShell - Superior communication skills (written and verbal) with an ability to articulate complex topics in a business understandable manner at all levels in an enterprise - Ability to prioritize workload and consistently meet deadlines in a fast-paced environment - Certifications such as CISSP, Cloud Security (CCSP, CCSK, AZ-305, AZ-500) are highly desirable - Bachelor’s degree is a plus What’s in it for you Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We encourage individuals to apply based on their passions. Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits. With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself. About the Salary Ranges Please note that the salary range mentioned in this job description should serve simply as a guide. The final compensation offered may vary based on a variety of factors, including bonuses and/or incentives, or a candidate’s experience, skills, budget and location. Our company is committed to providing a fair, equitable, and competitive package that reflects the value an individual brings to the organization. Fraudulent Recruiting Beware of fraudulent recruiting. Legitimate Dayforce contacts will use an @dayforce.com email address. We do not request money, checks, equipment orders, or sensitive personal data during the recruitment process. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Dayforce employee, please refer to our fraudulent recruiting statement found here: https://www.dayforce.com/be-aware-of-recruiting-fraud Dayforce actively monitors all job applications to ensure authenticity. Submissions determined to be fraudulent or misleading will be declined from the recruitment process #LI-Remote