Job Overview
Location
Remote
Job Type
Full-time
Category
Security Engineer
Date Posted
April 2, 2026
Full Job Description
đź“‹ Description
- • As the Principal Security Engineer for Identity & Access Management at Cambium Learning Group, you will serve as the principal technical leader shaping how users securely access our educational technology platforms, ensuring a seamless yet fortified experience for employees, contingent workers, and customers while upholding critical data privacy standards like FERPA, GDPR, and COPPA.
- • You will architect and evolve the target-state identity architecture for internal workforce identity and contribute to redesigning customer-facing CIAM solutions, establishing scalable, secure foundations for authentication and access across hybrid on-premise and SaaS environments.
- • Day to day, you will design and implement modern authentication protocols including SAML, OAuth2, OIDC, and FIDO2, strengthening phishing-resistant MFA and enabling passwordless access to reduce risk and improve user experience.
- • You will collaborate with the IAM team to automate identity lifecycle processes using SCIM, enabling efficient, secure provisioning, maintenance, and deprovisioning of users at scale during onboarding and offboarding cycles.
- • You will lead the integration of privileged identity platforms with Active Directory, cloud and on-premise systems, and key third-party applications such as Salesforce and Workday, while architecting an API gateway to support secure service-to-service communication.
- • You will define and enforce RBAC and ABAC models to ensure least-privilege access and ongoing compliance with student data protection regulations, conducting regular reviews and audits to maintain alignment with evolving legal and organizational requirements.
- • You will act as a subject matter expert and mentor to engineering teams, promoting identity-first security principles, sharing best practices, and elevating the organization’s overall security posture through guidance and knowledge transfer.
- • You will partner with cross-functional teams including IT, security, compliance, and product to align IAM strategy with business goals, ensuring security controls enable innovation without compromising safety or regulatory adherence.
- • You will stay ahead of emerging threats and identity trends, evaluating new technologies and frameworks—such as Zero Trust architecture—to continuously improve resilience against credential-based attacks and insider threats.
- • Through your leadership, you will help build a culture of security awareness and technical excellence, where identity is treated as a foundational pillar of trust and safety across all Cambium Learning platforms.
🎯 Requirements
- • 7+ years of experience in IT or Security, with at least 4+ years focused specifically on Identity and Access Management (IAM) architecture and implementation.
- • Deep hands-on expertise with modern Identity Provider (IdP) and Privileged Access Management (PAM) platforms, including Okta, Ping Identity, Microsoft Entra ID/Azure AD, CyberArk, BeyondTrust, or equivalent solutions.
- • Strong proficiency in directory services (LDAP, Active Directory) and scripting languages such as PowerShell and Python for automating identity workflows and system integrations.
- • Exceptional understanding of core security protocols including TLS, SSO, federation, SAML, OAuth2, and OIDC, with proven ability to design and troubleshoot complex authentication flows.
- • Bachelor’s degree in Computer Science, Information Technology, or a related technical field, or equivalent professional experience demonstrating equivalent knowledge and skills.
🏖️ Benefits
- • Remote-first work environment with flexibility to work from anywhere, supported by a culture that values trust, results, and inclusivity regardless of location.
- • Reimbursement for home office setup to help cover costs of creating a productive and ergonomic remote workspace.
- • Commitment to professional growth through access to learning resources, mentorship opportunities, and support for pursuing relevant certifications such as CISSP, CISM, or vendor-specific credentials like Okta Certified Architect.
Skills & Technologies
Python
Fiber
Azure
SSL
Senior
Remote
Degree Required
About Cambium Learning Group, Inc.
Cambium Learning Group is an education technology company that develops and delivers digital and print curriculum, assessment, and intervention solutions for K-12 students and educators. Its portfolio includes brands such as Learning A-Z, Voyager Sopris Learning, ExploreLearning, and Kurzweil Education, which provide literacy, math, science, and professional development resources. The company supports personalized learning, data-driven instruction, and accessibility for diverse learners across classroom and remote environments.
Get more remote jobs like this
Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.
Newsletter
Weekly remote jobs and featured talent.
No spam. Only curated remote roles and product updates. You can unsubscribe anytime.
