Lead Principal Security Engineer

Hiring: Lead Security Engineer - Chicago or Dallas (Hybrid)

We're partnering with a large, highly regulated financial organization on a Lead‑level Security Engineering position that sits at the center of their identity, automation, and privileged access programs. This is a high‑impact role for someone who wants to step into a technical leadership seat while still staying hands‑on with modern security engineering, cloud identity, and privileged access tools. The team is scaling, investing heavily in automation, and modernizing how they protect high‑value systems across both on‑prem and cloud environments.

This role will give you the chance to own major security engineering initiatives-driving improvements to PAM infrastructure, designing secure authentication flows, and helping the organization move toward more automated, resilient, and intelligence‑driven security architecture. You'll work closely with engineering, cloud, IAM, and compliance teams, acting as a subject‑matter expert across privileged access management, secrets management, and core identity technologies.

What You'll Be Doing:
* Lead operational and engineering support for privileged access platforms, including break‑fix, patching, lifecycle management, and strengthening secrets governance.
* Build and optimize secure authentication and authorization workflows across technologies like AD, OAuth2.0, OIDC, certificates, IAM policies, Kerberos, LDAPS, and more.
* Drive automation across PAM and identity systems using Python, Terraform, and CI/CD tooling to improve reliability and reduce manual work.
* Implement enhancements and long‑term architecture improvements designed to stabilize, scale, and modernize how privileged access is delivered across hybrid compute environments.
* Partner with teams across security, cloud, and infrastructure to develop AI‑assisted detection, faster remediation processes, and improved visibility into privileged user activity.
* Troubleshoot complex issues across cloud, on‑prem, and hybrid authentication systems; support platform upgrades; and strengthen the overall engineering posture of the environment.

What They're Looking For:
* Hands‑on experience with PAM platforms such as CyberArk, HashiCorp Vault, or other enterprise‑grade secrets management tools.
* Strong understanding of authentication and identity systems-AD, IAM, certificates, Kerberos, token‑based auth, and modern cloud identity patterns.
* Experience with scripting or automation using Python, Go, Bash, PowerShell, or similar languages.
* Familiarity with Terraform, CI/CD pipelines, or infrastructure‑as‑code concepts.
* A background in security engineering, security operations, development, or architecture within mid‑to‑large scale environments.
* Someone who enjoys technical ownership, problem solving, and driving improvements across core security systems.

Location: Chicago or Dallas
Work Model: Hybrid - 3 days onsite
Compensation: $145K - $236K base + bonus