CommunityJobsAdviceEventsReviewsFor EmployersFor ClientsCoach Connect
CommunityJobsAdviceEvents
JOB SEARCH

Identity Security Engineer

Constellation Brands

3.4

(10)

Multiple Locations (Remote)

Why you should apply for a job to Constellation Brands:

  • FlexAbility program. Employees can choose to work from home or hybrid for many of our roles.
  • Parental Leave program. We offer 8 weeks fully paid parental leave plus 8 weeks fully paid maternity disability for new mothers
  • Fertility/Infertility coverage within our medical coverage

    • #R-38813

    Position summary

    he Identity Security Engineer is a hands-on security engineer responsible for designing, implementing, and operating Identity Security and IAM capabilities at Constellation Brands in support of a converged security model. The role requires deep technical knowledge of the identity security tool landscape and a proven ability to automate and optimize identity platforms, integrations, and controls to improve reliability, scalability, and measurable security outcomes. As a senior technical contributor, this engineer works closely with security architecture and engineering, security operations, OT and ICS teams, GRC, infrastructure, and network engineering to deliver secure, resilient identity solutions across enterprise and operational environments.

    Responsibilities:

    • Serve as a hands-on subject matter expert for Identity Security and IAM, with deep technical ownership of core identity platforms, protocols, and control implementations.

    • Provide engineering-driven input into IAM technical strategy, roadmaps, and milestones, and translate complex identity concepts into executive-ready technical summaries.

    • Lead IAM engineering efforts including architecture design, tool and vendor evaluations, system integrations, deployments, upgrades, and performance tuning, while providing technical mentorship to peer engineers.

    • Design and implement identity security controls and processes aligned to security architecture standards and engineering best practices, leveraging frameworks such as ISO/IEC, NIST, and MITRE ATT&CK for identity threat coverage.

    • Own day-to-day IAM platform operations, including policy and rule configuration, role and entitlement modeling, access lifecycle automation, and continuous optimization across the identity stack.

    • Conduct secure design and architecture reviews with a focus on identity threat modeling, privilege boundaries, authentication flows, and attack surface reduction.

    • Develop and automate identity security metrics, logging, and telemetry to measure control effectiveness, detection coverage, and incident response performance, using historical data to drive technical improvements.

    • Integrate IAM platforms with SecOps workflows, SOAR tooling, and OT and ICS environments, supporting solution selection, production deployment, and development of detailed technical runbooks.

    • Participate in on-call rotations and incident response to support 24/7/365 identity platform availability and security operations.

    Minimum qualifications:

    • Bachelors in one of the following disciplines: Cybersecurity, Information Assurance, Computer Engineering, Electrical Engineering, Systems Engineering, Management Information Systems, or similar technical field and minimum of 8+ years related experience with a CISSP or equivalent.

    • Strong understanding of identity security architecture and engineering concepts at the enterprise level.

    • Demonstrated past contributor and "plugged-in" to the threat intelligence community and various industry sources.

    • Understand what it means to "think like a hacker" and take the attacker viewpoint.

    • Hands-on experience improving the overall IAM user experience.

    • Authentication space knowledge:

      • Multi-factor authentication (MFA).
      • Identity Federation & Single Sign-On (SSO).
      • Implementing SAML, OIDC, and OAuth.
      • Security knowledge of various technology & protocols - FIDO, PKI, Mobile MFA, OTP, FIDO key, Biometric authentication, behavior & risk-based authentication.
      • Implementation experience with web, device (laptop, etc.), infrastructure, and API authentication use cases.

    • Access Management space knowledge:

      • Privileged Access Management for admin and privileged accounts.
      • Access control solution for Linux, Windows servers, Kubernetes/docker, databases, Clouds, and other PAM use cases.
      • Integration with cloud systems including AWS, Azure, GCP, etc.
      • Active Directory integration experience.

    • Identity Governance space knowledge:

      • Experience with onboarding applications into an IGA solution such as SailPoint ISC, Saviynt, etc.
      • Experience with creating and managing user access review campaigns.
      • Experience with automating IAM critical workflows.
      • Familiarity with financial audit, Sarbanes-Oxley (SOX), and regulatory compliance processes.
      • Collaborate with internal and external auditors as required.

    • Experience with implementing JIT or Zero Standing Privilege access models

    • Experience implementing real-time behavioral analytics to detect anomalies such as "impossible travel," credential misuse, or lateral movement, and automate responses like session termination or account isolation

    • Experience with creating a centralized inventory and lifecycle management process for autonomous AI agents, service accounts, and IoT devices to prevent "identity dark matter" (unmanaged accounts)

    • Experience implementing automated lifecycle management for machine identities, service accounts, and IoT devices, ensuring they are not "orphaned" or over-privileged.

    • Hands-on experience performing incident response duties.

    • Ability to communicate effectively with various levels of technical expertise or non-expertise (written, verbal, presentation skills).

    • Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.

    Preferred qualifications:

    • Security operations and threat intelligence experience.

    • Strong communicator who can partner internationally with senior security and enterprise team members.

    • Self-starter who takes initiative with strong conviction.

    ADA Physical/Mental/Workplace Requirements

    • Occasional lifting up to 25 lbs.

    • Sitting, working at desk/personal computer for extended periods of time

    • Primary work environment is professional corporate office

    • Ability to travel commercially and internationally

    Location
    Rochester, New York

    Additional Locations
    Canandaigua, New York, Chicago, Illinois, San Antonio, Texas, Virtual - US

    Job Type
    Full time

    Job Area
    Information Technology

    The salary range for this role is:
    $96,500.00 - $205,500.00

    This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. Our compensation is based on cost of labor. For remote locations or positions open to multiple locations, the pay range may reflect several US geographic markets, including the lowest geographic market minimum to the highest geographic market maximum. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee's pay position within the salary range will be based on several factors including, but not limited to, the prevailing minimum wage for the location, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, shift, travel requirements, sales or revenue-based metrics, any collective bargaining agreements, and business or organizational needs. At Constellation Brands, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate. We offer comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.

    Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.

    Equal Opportunity

    Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).

    Why you should apply for a job to Constellation Brands:

  • FlexAbility program. Employees can choose to work from home or hybrid for many of our roles.
  • Parental Leave program. We offer 8 weeks fully paid parental leave plus 8 weeks fully paid maternity disability for new mothers
  • Fertility/Infertility coverage within our medical coverage