Principal IAM Solutions Architect

• Define and evolve enterprise IAM architecture that aligns with business needs across workforce identity, customer identity (CIAM), and partner ecosystems.
• Develop scalable reference architectures, build patterns, and standards.
• Ensure architectural decisions are effectively accomplished and adopted.
• Lead and actively participate in the delivery of SSO, MFA, passwordless authentication, identity lifecycle process automation, access models, and API-based integrations.
• Merge and map identities within systems to federate under one platform instance.
• Work with SaaS providers to define requirements and translate them into implementation results.
• Partner and collaborate with cross-functional teams to ensure clean, secure, and scalable implementations.
• Act as Lead and point of contact for sophisticated identity challenges and blocking issues, to include the retirement of Legacy systems and federation of enterprise identity platforms.
• Plan and lead implementation efforts across IAM solutions covering Okta, Azure AD (Entra ID) and other supporting systems.
• Translate strategic priorities into practical execution plans with the Director of IAM.
• Mentor IAM Team Members through real-world problem-solving and building thinking.

• 10+ years of experience in IAM, security architecture or engineering
• Consistent record as an IAM architect who has successfully delivered scalable and sustainable implementations.
• Deep expertise in OAuth 2.0, OpenID Connect (OIDC), SAML, SCIM, LTI, authentication and authorization patterns, and identity lifecycle and governance models.
• Practical experience with performing work directly within IAM platforms such as Okta and Azure AD (MS Entra)
• Proven experience with executing work surrounding API integrations, distributed systems, and cloud environments (AWS, Azure, etc.).
• Practical experience working with observability tools such as Amplitude, Dynatrace or Splunk to analyze usage and error patterns to define better architecture.
• Deep expertise designing and architecting enterprise IAM applications using Java and the Spring ecosystem, including Spring Boot-based UI, REST services and Legacy SOAP integrations, with clear ownership of application structure, scalability, security and evolution. Experience using nodejs, typescript, react and JaxRs is preferred.
• Demonstrated leadership across the full SDLC, including source control and CI/CD (Git/Stash/Jenkins) and work management (JIRA), with responsibility for setting engineering standards, deployment patterns and modernization strategies for critical identity platforms.
• Proven ability to leverage the Agile Project Management methodology to complete work.
• Ability to move fluidly between architecture build, technical deep dives, and execution support.
• Preferred experience in EdTech, SaaS, or high-scale consumer environments, crafting CIAM solutions at scale, familiarity with Zero Trust Architecture and any relevant certifications (CISSP, CISM, vendor-specific IAM).

At Cengage Group, we take great pride in our commitment to providing a comprehensive and rewarding Total Rewards package designed to support and empower our employees. Click here ( to learn more about our Total Rewards Philosophy.

The full base pay range has been provided for this position. Individual base pay will vary based on work schedule, qualifications, experience, internal equity, and geographic location. Sales roles often incorporate a significant incentive compensation program beyond this base pay range.

In this position, you will be eligible to participate in the company's discretionary incentive bonus program. This position's bonus target amount, which is not guaranteed and is dependent on individual performance and overall company results among other factors, is provided below.

20% Annual: Individual Target

$117,100.00 - $152,200.00 USD

Cengage is committed to working with broad talent pools to attract and hire strong and most qualified individuals. Our job applicants are considered regardless of any classification protected by applicable federal, state, provincial or local laws.

Cengage is also committed to providing reasonable accommodations for qualified individuals with disabilities including during our job application process. If you are an applicant with a disability and require reasonable accommodation in our job application process, please contact us at (see below)