Constellation Brands · 9 hours ago
Identity Security Engineer
Constellation Brands is a leading producer and marketer of beer, wine, and spirits brands. The Identity Security Engineer is responsible for designing, implementing, and operating Identity Security and IAM capabilities to enhance security outcomes and ensure the reliability of identity platforms across the organization.
Food and Beverage · Food Processing · Manufacturing · Wine And Spirits
Responsibilities
Serve as a hands-on subject matter expert for Identity Security and IAM, with deep technical ownership of core identity platforms, protocols, and control implementations
Provide engineering-driven input into IAM technical strategy, roadmaps, and milestones, and translate complex identity concepts into executive-ready technical summaries
Lead IAM engineering efforts including architecture design, tool and vendor evaluations, system integrations, deployments, upgrades, and performance tuning, while providing technical mentorship to peer engineers
Design and implement identity security controls and processes aligned to security architecture standards and engineering best practices, leveraging frameworks such as ISO/IEC, NIST, and MITRE ATT&CK for identity threat coverage
Own day-to-day IAM platform operations, including policy and rule configuration, role and entitlement modeling, access lifecycle automation, and continuous optimization across the identity stack
Conduct secure design and architecture reviews with a focus on identity threat modeling, privilege boundaries, authentication flows, and attack surface reduction
Develop and automate identity security metrics, logging, and telemetry to measure control effectiveness, detection coverage, and incident response performance, using historical data to drive technical improvements
Integrate IAM platforms with SecOps workflows, SOAR tooling, and OT and ICS environments, supporting solution selection, production deployment, and development of detailed technical runbooks
Participate in on-call rotations and incident response to support 24/7/365 identity platform availability and security operations
Qualification
Required
Bachelor's degree in one of the following disciplines: Cybersecurity, Information Assurance, Computer Engineering, Electrical Engineering, Systems Engineering, Management Information Systems, or a similar technical field, and a minimum of 8+ years of related experience with a CISSP or equivalent
Strong understanding of identity security architecture and engineering concepts at the enterprise level
Demonstrated past contributor to, and 'plugged in' to, the threat intelligence community and various industry sources
Understand what it means to 'think like a hacker' and take the attacker viewpoint
Hands-on experience improving the overall IAM user experience
Authentication space knowledge: Multi-factor authentication (MFA); Identity Federation & Single Sign-On (SSO); implementing SAML, OIDC, and OAuth; security knowledge of various technologies & protocols (FIDO, PKI, Mobile MFA, OTP, FIDO key, biometric authentication, behavior & risk-based authentication); implementation experience with web, device (laptop, etc.), infrastructure, and API authentication use cases
Access Management space knowledge: Privileged Access Management for admin and privileged accounts; access control solutions for Linux, Windows servers, Kubernetes/Docker, databases, clouds, and other PAM use cases; integration with cloud systems including AWS, Azure, GCP, etc.; Active Directory integration experience
Identity Governance space knowledge: experience with onboarding applications into an IGA solution such as SailPoint ISC, Saviynt, etc.; experience with creating and managing user access review campaigns; experience with automating IAM critical workflows; familiarity with financial audit, Sarbanes-Oxley (SOX), and regulatory compliance processes; collaborating with internal and external auditors as required
Experience with implementing JIT or Zero Standing Privilege access models
Experience implementing real-time behavioral analytics to detect anomalies such as 'impossible travel,' credential misuse, or lateral movement, and automate responses like session termination or account isolation
Experience with creating a centralized inventory and lifecycle management process for autonomous AI agents, service accounts, and IoT devices to prevent 'identity dark matter' (unmanaged accounts)
Experience implementing automated lifecycle management for machine identities, service accounts, and IoT devices, ensuring they are not 'orphaned' or over-privileged
Hands-on experience performing incident response duties
Ability to communicate effectively with various levels of technical expertise or non-expertise (written, verbal, presentation skills)
Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently
Preferred
Security operations and threat intelligence experience
Strong communicator who can partner internationally with senior security and enterprise team members
Self-starter who takes initiative with strong conviction
Benefits
Paid time off
Medical/dental/vision insurance
401(k)
Company
Constellation Brands
Constellation Brands is a producer and marketer of beer, premium wine, and spirits brands.
H1B Sponsorship
Constellation Brands has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (5)
2024 (6)
2023 (6)
2022 (7)
2021 (9)
2020 (14)
Funding
Current Stage: Public Company
Total Funding: $1.4B
2025-10-15 · Post Ipo Debt · $500M
2025-04-29 · Post Ipo Debt · $500M
2024-01-09 · Post Ipo Debt · $400M
Company data provided by crunchbase