Lead Security Engineer IAM

The Lead Security Engineer drives measurable improvements in IAM and cloud security with a focus on AI-enabled access governance RBAC optimization and secure AWS/Azure architecture. Within the first 6 months success is demonstrated by strengthening access controls automating IAM and DevSecOps processes and influencing teams to adopt best practices. 

Over the first year this role leads an enterprise RBAC transformation enhances multi-cloud security with integrated DevSecOps pipelines and delivers AI-driven insights from SailPoint IIQ to proactively reduce risk. 

Success in this role requires navigating complex IAM integrations improving data quality for AI insights and gaining organizational buy-in for access changeswhile consistently delivering scalable secure and efficient solutions. 

Qualifications :

Preferred: 

• Scripting DevSecOps IAM design and implementation cloud architectural skills. 

Required: 

• Bachelors degree or direct and applicable work experience. 
• 7 years of experience working in architecting of server or network controls in any of the following: DevOps DevSecOps Identity and Access Management (IAM) system virtualization Windows and Linux Security Cloud Security Network and Network Security Active Directory Java XML JSON Azure AWS MySQL Federation SSO. 
• Knowledge of compliance and regulatory program requirements such as HIPAA ISO 27000 NIST FISMA and SOC standards. 
• Experience architecting and designing security solutions at the enterprise level. Strong knowledge of high-scale cloud systems within multiple accounts and how they can be secured using agreed best practices. 
• Experience with DevSecOps and automation in highly scalable environments. 
• Strong analytical and problem-solving skills. A certain degree of creativity innovation and latitude is required (the ability to think outside the box when faced with challenges). 
• High attention to detail while completing tasks and processes. Ability to prioritize to maximize personal efficiency. 
• Ability to help design solutions for cybersecurity problems. 
• Strong compliance and regulatory-focused customer service orientation with effective verbal and written communication skills working with technical and non-technical personnel with the ability to address all levels of leadership business technical and non-technical staff. 
• Travel required up to 5% 

Additional Information :

a. Identify risk-related issues and architect solutions to avoid potential security incidents and business impact. 

b. Create architecture policies aligning with industry best practices for cybersecurity and resiliency. 

c. Design security for monitoring logging IAM encryption data protection detection. and preventive controls. 

d. Provide expertise and best practices for implementing cloud security and secured code detection and prevention. 

e. Deploy strong identity and access management (IDAM) controls across applications and computing environments. 

f. Develop and maintain secure resilient enterprise-grade cloud processes in tandem with architects and system engineers. 

g. Actively monitor assess and recommend tactical and strategic initiatives based on new and emerging threats posing risk to cloud computing environments. 

h. Align with architects to create secure workloads in AWS Microsoft Azure and Google Cloud. 

i. Advise and design with commercial and open-source security tools and controls. 

j. Communicate security posture to cybersecurity leaders stakeholders IT and developers. 

k. Design for integrated security controls workflows data protection authentication and authorization. 

l. Acts as technical architect for Windows Linux VMware Kubernetes Docker and others used to support business needs. 

m. Other duties as assigned. 

All your information will be kept confidential according to EEO guidelines.

An Equal Opportunity Employer

The policy of Wellmark Blue Cross Blue Shield is to recruit hire train and promote individuals in all job classifications without regard to race color religion sex national origin age veteran status disability sexual orientation gender identity or any other characteristic protected by law.

Applicants requiring a reasonable accommodation due to a disability at any stage of the employment application process should contact us at

Please inform us if you meet the definition of a Covered DoD official.

At this time Wellmark is not considering applicants for this position that require any type of immigration sponsorship (additional work authorization or permanent work authorization) now or in the future to work in the United States. This includes but IS NOT LIMITED TO: F1-OPT F1-CPT H-1B TN L-1 J-1 etc. For additional information around work authorization needs please refer to the following resources:Nonimmigrant Workers and Green Card for Employment-Based Immigrants 

Wellmark supports and expects the responsible use of AI for our workforce! We welcome the responsible use of these tools by job seekers as well and are interested in learning from you; you will have an opportunity in the application process to share which tools you used and how you applied them. 

Remote Work :

No

Employment Type :

Full-time