Identity & Application Security Engineer

Identity & Application Security Engineer

DPR Construction, a global leader in highly technical and complex construction, is seeking an experienced Identity & Application Security Engineer to lead the governance, implementation, and continuous improvement of our application and identity security strategy. This role plays a critical function in securing SaaS, PaaS, and internally hosted business applications across DPR and its family of companies, ensuring alignment with Zero Trust principles, enterprise architecture, and regulatory requirements.

You will partner closely with infrastructure, compliance, and business teams to establish secure access frameworks, manage third-party identities, implement role-based access controls (RBAC), and drive the adoption of secure-by-design practices throughout the application lifecycle.

Key Responsibilities

Application Security & Governance

• Own the security lifecycle of enterprise applications—including intake, evaluation, onboarding, configuration, and decommissioning.
• Define, implement, and continuously enhance application security standards for SaaS, PaaS, on-premises, and database platforms.
• Evaluate new applications and conduct security posture assessments in collaboration with business stakeholders and infrastructure teams.
• Maintain a centralized SaaS application inventory and associated metadata.
• Improve workflows and automation for secure application intake and governance.

Identity & Access Management

• Oversee IAM policies for enterprise applications, including group permissions, role assignments, and access reviews.
• Design and enforce modern identity models using Microsoft Entra ID, moving away from legacy local identities.
• Lead the implementation of Privileged Identity Management (PIM) and Privileged Access Management (PAM) for applications requiring elevated access.
• Define and audit RBAC frameworks to uphold least privilege access and proper role segregation.
• Govern third-party identity access (e.g., consultants, vendors) with strong authentication and federated identity standards.
• Enforce enterprise-wide Multi-Factor Authentication (MFA) and SSO strategies for both internal and external users.

Collaboration & Incident Support

• Serve as a key liaison between security, IT infrastructure, compliance, and business teams to align application onboarding with security requirements.
• Collaborate with the enterprise IAM team to embed best practices and controls into application provisioning processes.
• Support investigations, incident response, and root cause analysis for access or application security events.
• Provide subject matter expertise for audits, compliance reviews, and third-party risk assessments.

Qualifications

• 5+ years of IT experience, with at least 4 years focused on enterprise identity and application security.
• Deep expertise in Microsoft Entra ID, PIM/PAM, conditional access, and SaaS integration.
• Strong working knowledge of authentication and authorization standards: SAML, OAuth2, OpenID Connect (OIDC), SCIM.
• Demonstrated experience with RBAC design, access governance, and user lifecycle management across cloud and on-prem applications.
• Understanding of Zero Trust principles, SaaS governance, and regulatory compliance in enterprise environments.
• Excellent written and verbal communication skills, with the ability to translate technical requirements into business terms.
• Experience in a regulated or complex industry (e.g., construction, healthcare, finance) is preferred.

Preferred Certifications

• Microsoft Certified: Identity and Access Administrator Associate
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• GIAC Security Essentials (GSEC) or similar

Desirable Skills

• Experience with cloud security monitoring tools, SaaS discovery platforms, or CASBs.
• Familiarity with secure application development practices (e.g., DevSecOps principles).
• Working knowledge of ITIL and/or NIST CSF frameworks.
• Experience with enterprise-grade provisioning tools (e.g., SailPoint, Saviynt, or similar).

Work Conditions

• Prolonged periods of sitting and/or standing at a computer screen.
• Must be able to sit or stand for long periods of time.
• Must be able to lift 15 pounds at times.
• Occasional domestic travel, via airplane, will be required for meetings.

This is a hybrid role with most time being spent working from home. Attendance at important meetings and events at the local DPR office is required.

DPR Construction is a forward-thinking, self-performing general contractor specializing in technically complex and sustainable projects for the advanced technology, life sciences, healthcare, higher education and commercial markets. Founded in 1990, DPR is a great story of entrepreneurial success as a private, employee-owned company that has grown into a multi-billion-dollar family of companies with offices around the world.

Working at DPR, you'll have the chance to try new things, explore unique paths and shape your future. Here, we build opportunity together—by harnessing our talents, enabling curiosity and pursuing our collective ambition to make the best ideas happen. We are proud to be recognized as a great place to work by our talented teammates and leading news organizations like U.S. News and World Report, Forbes, Fast Company and Newsweek.