IAM Authentication Engineer at Fidelity National Financial
United States
Full Time


Start Date

Immediate

Expiry Date

20 May, 26

Salary

150000.0

Posted On

19 Feb, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Azure/Entra ID, CyberArk, PAM, EPV, Authentication, SSO, Credential Vaulting, Account Hygiene, PowerShell, SQL, SAML, OAuth, OIDC, TLS/SSL Certificates, REST APIs, Terraform

Industry

Financial Services

Description
POSITION OVERVIEW

Fidelity National Financial (FNF) is seeking an IAM Authentication Engineer to join its Information Security Office (ISO). This position reports to the Manager of Identity and Access Management Engineering and will be responsible for leveraging leading IAM and Privileged Access Management tools, technologies, and processes.

This role will support authentication and privileged access platforms across the enterprise, with a strong focus on Azure/Entra ID and CyberArk (self-hosted PAM/EPV). The Engineer will work collaboratively across the organization and its subsidiaries to integrate IAM and PAM solutions that enhance security posture while improving the end-user experience. This individual will partner closely with Information Technology teams to drive integrations, support privileged access workflows, and streamline secure access processes.

LOCATION

This position can sit 100% remote. If located near Jacksonville, FL – some onsite may be required.

DUTIES & RESPONSIBILITIES

Azure / Entra ID Authentication

Perform all administration duties for the MS Azure/Entra ID authentication toolset.
Assist application developers with integrating applications into Azure for authentication and SSO.
Develop and maintain detailed technical, process, and security documentation related to authentication integrations.
Engineer solutions to ensure Azure performs according to defined business processes, security policies, and compliance requirements.
Serve as the Azure / Entra ID authentication SME to troubleshoot and support production issues.

CyberArk PAM (Self-Hosted / EPV)

Perform day-to-day support and administration of CyberArk self-hosted Privileged Access Management (PAM)/Enterprise Password Vault (EPV).
Create and manage new safes, onboard privileged accounts, and maintain account lifecycle within CyberArk.
Support end-user access requests related to privileged accounts and vault access.
Assist with periodic account reviews, hygiene efforts, and privileged access governance.
Support infrastructure-related tasks over time, including patching, configuration updates, and environment maintenance (as needed).

Credential Vaulting & Account Hygiene

Perform all administration duties for credential vaulting solutions.
Engineer and maintain solutions to ensure vaulting systems align with defined policies and security standards.
Develop and support account hygiene best practices across privileged and non-privileged accounts.

Collaboration & Project Support

Provide IAM representation on technical projects and enterprise initiatives as needed.
Partner with IT and engineering teams to integrate applications and services with IAM and PAM platforms.
Support process improvement and automation initiatives within authentication and privileged access domains.

MINIMUM REQUIREMENTS

Bachelor’s degree in computer science, business (with emphasis in IT), or equivalent combination of education and experience.
Requires 3+ years of experience engineering and supporting Identity and Access Management (IAM) solutions.
Requires 3+ years of experience integrating applications and business services with IAM platforms.
Requires 2+ years of experience supporting Privileged Access Management (PAM) solutions, preferably CyberArk (self-hosted/EPV).
Working knowledge of authentication and SSO tools and protocols, as well as PAM functions.
Working knowledge of Windows Server environments, Active Directory, MS Azure, databases, and Unix/Linux platforms.

PREFERRED EXPERIENCE

Experience administering and supporting CyberArk self-hosted environments (Vault, PVWA, CPM, PSM).
Experience with privileged account onboarding automation and safe design best practices.
Programming/scripting languages: PowerShell, SQL.
Web technologies: SSO, SAML, OAuth, OIDC, HTML, XML, TLS/SSL Certificates, HTTP (REST APIs), Web and Application Server Administration.
Expertise with Terraform or comparable Infrastructure-as-Code (IaC) solutions.
Strong interpersonal skills with the ability to work across multiple lines of business and levels of management.

This position has the potential to earn compensation in the range of $110,000 - $150,000 annually based on location and job-related factors such as skillset and experience. Actual rate may vary within the range provided, depending on a number of factors, including skillset, experience and location. The base compensation is one component of the total rewards package offered to our employees, including optional health and welfare insurance (medical/dental/vision/life/disability); paid holidays, vacation, and sick time off; and matching 401(k) plan and matching employee stock purchase plan.
Responsibilities
The engineer will manage and administer Microsoft Azure/Entra ID authentication tools, integrating applications for SSO, and serving as the subject matter expert for troubleshooting production issues. Responsibilities also include day-to-day support and administration of self-hosted CyberArk PAM/EPV, including onboarding accounts and maintaining vault hygiene.