We are Lennar
Lennar is one of the nation's leading homebuilders, dedicated to making an impact and creating an extraordinary experience for their Homeowners, Communities, and Associates by building quality homes and providing exceptional customer service, giving back to the communities in which we work and live, and fostering a culture of opportunity and growth for our Associates throughout their career. Lennar has been recognized as a Fortune 500® company and consistently ranked among the top homebuilders in the United States.
Join a Company that Empowers you to Build your Future
The Systems Engineer II - Security is a mid-level position responsible for enhancing and maintaining the security of the organization’s information technology infrastructure. The Systems Engineer II – Security role is responsible for designing, implementing, and operating enterprise identity and access controls across IAM, IGA, and PAM platforms to ensure the right users and workloads have the right access at the right time. This role reduces identity-related risk by enforcing least privilege, strengthening authentication, and governing privileged access in alignment with security and regulatory requirements.
A career with purpose.
A career built on making dreams come true.
A career built on building zero defect homes, cost management, and adherence to schedules.
Your Responsibilities on the Team
Systems Security:
Support enterprise IAM solutions that collectively deliver single sign-on (SSO), multifactor authentication (MFA), identity governance and administration, and privileged access management for all types of identities, including on-premises, hybrid, cloud-only, non-human (service accounts), and application-based credentials (API keys, tokens).
Engineer and operate IGA capabilities, including joiner‑mover‑leaver workflows, access request and approval, automated provisioning/de‑provisioning, and role‑based access control (RBAC/ABAC).
Implement and manage PAM platforms for privileged account onboarding, credential vaulting, password rotation, session monitoring/recording, and just‑in‑time (JIT) elevation.
Design and implement identity and access controls for AI agents and non-human identities (service accounts, bots, APIs, workloads), including lifecycle management, secrets management, least-privilege roles, and monitoring of machine-to-machine access in alignment with Zero Trust principles.
Monitor identity and privileged access activities, analyze logs and alerts, and support incident response and forensic investigations related to compromised identities or misuse of privilege.
Support audit, compliance, and certification efforts by providing evidence, improving control design, and remediating findings related to IAM, IGA, and PAM.
Troubleshoot complex IAM/IGA/PAM issues, perform root cause analysis, and drive continuous improvement and modernization of identity platforms.
Collaborate with security architecture, infrastructure, application, and DevOps teams to embed identity security and Zero Trust principles in new solutions and strategic programs.
Document architectures, standards, runbooks, and knowledge articles, and provide guidance and training to operations and application teams on identity security best practices.
Participate in Proof of Concepts and product evaluations of new and emerging Identity security services and technologies.
May provide mentorship and support to various junior security engineers and security operations team members.
Requirements
Education: Bachelor’s degree required in Computer Science, Cybersecurity, Engineering, or related field.
Experience:
4-5 years of hands-on cybersecurity engineering experience with exposure to IAM.
4+ years of relevant work experience in security engineering, with a focus on concepts and technologies in Identity & Access Management (IAM) such as SailPoint, Delinea, CyberArk, Entra ID, and Ping Identity.
2+ years of relevant work experience with Identity and Access Management solutions, including the implementation and configuration of solutions for Single Sign-On (SSO), Multifactor Authentication (MFA), and various identity integration protocols (SAML, OIDC).
Experience building and maintaining SailPoint connectors, aggregation and provisioning jobs, roles/entitlements, and workflows for HR-driven JML processes.
Experience administering Microsoft Entra ID, including users, groups, roles, app registrations, and enterprise applications.
Working knowledge of solutions for Identity Governance and Administration, Privileged Access Management, and access control models such as RBAC, ABAC, PBAC, and FGAC.
Certifications: Any Certified Information Systems Security Professional (CISSP), CompTIA Security+, Certified Identity and Access Manager (CIAM), or similar advanced cloud security certifications preferred.
Additional Skills, Knowledge, and Experience:
Working knowledge of cloud-based Identity Providers, access controls, and hybrid federated IAM architectures.
Experience in designing, configuring, and administering SailPoint Identity Security Cloud for identity lifecycle, access request, certifications, and policy/SoD controls.
Strong knowledge and experience with Microsoft Active Directory (AD) Domain Services, management of AD users and security groups, and security best practices for configuring AD infrastructure, policies, group policy objects.
Experience with implementing access control mechanisms, such as authentication policies, identity lifecycle management (provisioning, deprovisioning), and methods for authorization management.
Strong skills in developing visual design documentation (Visio, Lucid), oral presentation skills, problem solving / critical thinking, and decision-making skills.
Strong verbal and written communication skills.
Ability to facilitate productive meetings and work comfortably in a team-oriented environment.
Personal Attributes:
Team Player: Ability to work collaboratively with senior engineers, IT teams, and other stakeholders to achieve shared goals.
Communication: Effective written and verbal communication skills, with the ability to explain technical concepts to non-technical audiences. Ability to leverage communication skills to ensure a strong commitment to customer service.
Detail-Oriented: Attention to detail and consideration of the non-technical components necessary for successfully executing projects and initiatives.
Adaptability: Ability to balance multiple competing priorities in a fast-paced environment.
Minimal Supervision: Comfortable with executing workstreams independently with a positive and self-motivated drive. Exercise sound judgement in complex situations.
Additional Requirements:
Continuous Learning: Commitment to staying current with industry trends and pursuing relevant certifications and training.
Travel: Willingness to travel occasionally.
This role is ideal for a motivated systems security engineer looking to use and build upon their existing technical skillsets. This role will deliver significant and essential security services necessary to protect the business operations of a large-scale enterprise. If you are passionate about cybersecurity and eager to grow in a fast-paced, collaborative environment, we encourage you to apply.
Life at Lennar
At Lennar, we are committed to fostering a supportive and enriching environment for our Associates, offering a comprehensive array of benefits designed to enhance their well-being and professional growth. Our Associates have access to robust health insurance plans, including Medical, Dental, and Vision coverage, ensuring their health needs are well taken care of. Our 401(k) Retirement Plan, complete with a $1 for $1 Company Match up to 5%, helps secure their financial future, while Paid Parental Leave and an Associate Assistance Plan provide essential support during life's critical moments. To further support our Associates, we provide an Education Assistance Program and up to $30,000 in Adoption Assistance, underscoring our commitment to their diverse needs and aspirations. From the moment of hire, they can enjoy up to three weeks of vacation annually, alongside generous Holiday, Sick Leave, and Personal Day policies. Additionally, we offer a New Hire Referral Bonus Program, significant Home Purchase Discounts, and unique opportunities such as the Everyone’s Included Day. At Lennar, we believe in investing in our Associates, empowering them to thrive both personally and professionally. Lennar Associates will have access to these benefits as outlined by Lennar’s policies and applicable plan terms. Visit Lennartotalrewards.com to view our suite of benefits.
Join the fun and follow us on social media to see what's happening at our company, and don't forget to connect with us on LinkedIn (https://www.linkedin.com/company/lennar/) for the latest job opportunities.
Lennar is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws.