Cybersecurity IAM Engineer

Location:
5501 Headquarters Dr, Plano, Texas, 75024, United States of America

Who We Are

At Upbound Group, we are committed to elevating financial opportunity for all through innovative, inclusive, and technology-driven financial solutions that address the evolving needs and aspirations of consumers. The Company’s customer-facing operating units include industry-leading brands such as Rent-A-Center, Acima and Brigit that facilitate consumer transactions across a wide range of store-based and digital retail channels, including over 2,400 company-branded retail units across the United States, Mexico, New York and Puerto Rico. Upbound Group, Inc. is headquartered in Plano, Texas.

Role Summary

The Cybersecurity Identity & Access Management Engineer is a senior technical contributor on a dedicated IAM team charged with securing and scaling Upbound Group's enterprise identity platform. In this role, the engineer applies deep Microsoft Entra ID expertise and Zero Trust principles to advance identity governance, privileged access management, and entitlement controls across both on-premises and cloud environments - partnering closely with Engineering, IT, and Compliance to align identity solutions with organizational security standards. The engineer also contributes to the design and delivery of custom IAM provisioning solutions, building automation pipelines that seamlessly connect identity infrastructure with critical business applications, cloud platforms, and HRIS systems.

Key Responsibilities

  • Assist in designing, implementing, and managing Microsoft Entra ID (Azure AD) environments, including tenant architecture, Conditional Access policies, MFA, passwordless authentication (FIDO2, Windows Hello), and Identity Protection
  • Participate in identity lifecycle management: automate user provisioning and deprovisioning workflows via Entra ID, SCIM-based integrations, and custom automation pipelines
  • Implement and govern privileged access using Privileged Identity Management (PIM), just-in-time access controls, and least-privilege RBAC models across Azure subscriptions and resources
  • Participate in access governance programs including entitlement management, access reviews, dynamic group policies, and Administrative Units
  • Integrate enterprise SSO using SAML, OAuth 2.0, and OpenID Connect protocols for SaaS and on-premises applications
  • Support hybrid identity environments including Azure AD Connect / Cloud Sync, LDAP integrations, and federated-to-managed domain transitions
  • Monitor and respond to identity-related threats by configuring identity logging, security alerting, and continuous monitoring of sign-in and audit logs
  • Assist in securing Azure Container Apps environments, including ingress controls, managed identity configuration, secrets management, network isolation, and Dapr integration security
  • Evaluate and assist with hardening IAM functions for cloud-native infrastructure across Azure, AWS and GCP, ensuring compliance with Zero Trust principles and organizational security policies
  • Develop and maintain custom IAM provisioning code and internal platform services using Go (Golang) for backend services and React.js for frontend integrations with HRIS platforms
  • Partner with Platform Engineering teams to maintain IAM Infrastructure as Code (IaC) using Terraform to provision, configure, and manage Azure resources, identity infrastructure, and security controls in a repeatable, auditable manner
  • Utilize and maintain CI/CD security pipelines using GitHub Actions, including automated IAM provisioning workflows to Azure Container Apps environment
  • Manage IAM provisioning source code, branching strategies, and code reviews in GitHub, championing secure development best practices across the team
  • Automate, code or script (Bash, PowerShell, RegEx and Python) as well as write SQL to query databases as needed
  • Develop and maintain documentation including runbooks, architecture diagrams, security standards, and operational procedures
  • Collaborate with peers to provide direction on IAM and cloud identity security, advising cross-functional teams (Engineering, IT, Compliance, and Business units) on identity architecture decisions
  • Contribute to security incident response related to identity compromise, credential theft, or access control failures
  • Evaluate emerging IAM technologies and trends, providing recommendations to leadership on platform enhancements and modernization initiatives
  • Integrate AI‑driven tools into daily engineering work to enhance decision‑making quality and accelerate innovation across deliverables

Required Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field—or equivalent professional experience
  • 5+ years of progressive experience in cybersecurity, with at least 2-3 years focused on Identity & Access Management
  • Deep, hands-on expertise with Microsoft Entra ID (Azure AD), including Conditional Access, Identity Protection, PIM, RBAC, application registrations, and hybrid identity (AD Connect / Cloud Sync)
  • Strong experience with Azure Container Apps or similar Azure container services (AKS, Azure Container Instances), including managed identity integration, secrets management, and Cosmos DB for logic and translation rules
  • Strong experience with Go (Golang) for building backend services, APIs, and automated IAM provisioning workflows
  • Strong experience with React.js for building modern web-based administrative interfaces and integrations with leading HRIS platforms
  • Strong experience with REST API, JSON, XML, C#
  • Proficiency with Terraform for provisioning and managing cloud infrastructure as code
  • Strong use of GitHub and GitHub Actions for source control management, CI/CD pipeline development, automated testing, and deployment workflows
  • Solid understanding of authentication and authorization protocols: SAML 2.0, OAuth 2.0, OpenID Connect, SCIM, and FIDO2
  • Working knowledge of Zero Trust architecture principles and their application to identity and network security
  • Proficient in modern AI‑driven security, spanning LLMs, MCP, RAG, model architectures, and enterprise‑grade security controls
  • Excellent communication skills with the ability to translate complex technical security topics for diverse stakeholders

Preferred Qualifications

  • Microsoft certifications: SC-300 (Identity and Access Administrator), AZ-500 (Azure Security Engineer), SC-100 (Cybersecurity Architect)
  • Industry certifications: CISSP, CCSP, CIAM (Certified Identity and Access Manager), or CompTIA Security+/CySA+
  • Experience with additional IdP platforms such as Okta, Ping Identity, or SailPoint alongside Microsoft Entra
  • Experience with Workday HRIS platform using RaaS data integrations
  • Familiarity with SIEM/SOAR platforms (Microsoft Sentinel, Rapid7) for identity threat detection and automated response
  • Knowledge of compliance frameworks such as NIST CSF, NIST AI RMF, or PCI DSS, as they relate to identity and access controls
  • Experience with PKI infrastructure, certificate-based authentication, and credential lifecycle management
  • Prior experience in multi-tenant or multi-entity Azure environments with cross-tenant federation and B2B collaboration

Work Location

Ability to work in the Plano, Texas office, Monday through Friday.

Sponsorship 

Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time. 

Equal Opportunity Employer

Upbound Group is an equal opportunity employer committed to ensuring all employment decisions are made on a non-discriminatory basis in accordance with applicable federal, state, and local laws.

This job description is not intended to be all-inclusive. Coworker may perform other related duties as negotiated to meet the ongoing needs of the organization.