Position Summary: Designs and operates identity and cloud security controls that protect systems and data by enforcing secure, least privilege access across enterprise and cloud environments, enabling business operations while reducing identity based security risk.
Primary Responsibilities: - Design, implement, and maintain Identity and Access Management (IAM) solutions across the organization.
- Enforce least-privilege access through role-based and conditional access controls.
- Integrate identity and access controls with enterprise applications and cloud-based services.
- Support user identity lifecycle processes, including onboarding, access changes, and offboarding.
- Conduct regular access reviews/recertification and remediate orphaned, excessive, or stale accounts.
- Administer privileged access management (PAM) capabilities including credential vaulting, rotation, and session monitoring where applicable.
- Implement just-in-time access and reduce standing privilege for administrative roles when feasible.
- Administer and harden directory services (Active Directory and Entra ID/Azure AD), including tiered admin practices and authentication protocol hardening.
- Partner with IT, Network, and business teams to ensure secure and reliable system access.
- Troubleshoot and resolve authentication and access-related issues.
- Participate in security architecture and design reviews for new systems and services.
- Maintain technical documentation, standards, and procedures related to identity security.
- Support audit, risk management, and compliance efforts.
- Continuously evaluate and improve identity security controls to reduce access-related risk.
- Investigate IAM-related security incidents (unauthorized access, credential compromise, privilege escalation) and coordinate response actions.
- Integrate identity telemetry (authentication and privilege logs) into SIEM platforms and support alert tuning with the SOC.
- Other duties as required.
Skills / Knowledge / Qualifications: - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field/equivalent practical experience
- Experience with Knowbe4, CyberARK, Crowdstrike, Cisco Umbrella, and patch management solutions a plus.
- 3+ years of experience in a cybersecurity engineering, IAM, identity, or access-focused security role.
- Experience working in enterprise IT environments supporting identity, authentication, and access controls.
- Exposure to cloud or SaaS environments and their security considerations preferred.
Familiarity with security frameworks or compliance requirements (e.g., NIST, CMMC) is a plus.
- Availability for occasional after-hours support.
- Must pass background and reference checks consistent with company policy.
Why Join the Cleveland Brothers Team- Market Leading Benefits Package: Medical, dental, vision, life insurance, 401(k) match, short- and long-term disability, health savings account, PTO, Profit Sharing Account.
- Advancement: Take your career to the next level with a dynamic organization that wants to see you succeed! In addition to room to grow in this role, there are limitless opportunities across 29 locations whether you want to move up, or into another division of the company.
- Stability - Cleveland Brothers has been around for 75 years. Experience tremendous job security in an essential role with an organization that is around for the long haul.