IAM Authentication Engineer

About The Position

Requirements

• Bachelor’s degree in computer science, business (with emphasis in IT), or equivalent combination of education and experience.
• Requires 3+ years of experience engineering and supporting Identity and Access Management (IAM) solutions.
• Requires 3+ years of experience integrating applications and business services with IAM platforms.
• Requires 2+ years of experience supporting Privileged Access Management (PAM) solutions, preferably CyberArk (self-hosted/EPV).
• Working knowledge of authentication and SSO tools and protocols, as well as PAM functions.
• Working knowledge of Windows Server environments, Active Directory, MS Azure, databases, and Unix/Linux platforms.

Nice To Haves

• Experience administering and supporting CyberArk self-hosted environments (Vault, PVWA, CPM, PSM).
• Experience with privileged account onboarding automation and safe design best practices.
• Programming/scripting languages: PowerShell, SQL.
• Web technologies: SSO, SAML, OAuth, OIDC, HTML, XML, TLS/SSL Certificates, HTTP (REST APIs), Web and Application Server Administration.
• Expertise with Terraform or comparable Infrastructure-as-Code (IaC) solutions.
• Strong interpersonal skills with the ability to work across multiple lines of business and levels of management.

Responsibilities

• Perform all administration duties for the MS Azure/Entra ID authentication toolset.
• Assist application developers with integrating applications into Azure for authentication and SSO.
• Develop and maintain detailed technical, process, and security documentation related to authentication integrations.
• Engineer solutions to ensure Azure performs according to defined business processes, security policies, and compliance requirements.
• Serve as the Azure / Entra ID authentication SME to troubleshoot and support production issues.
• Perform day-to-day support and administration of CyberArk self-hosted Privileged Access Management (PAM)/Enterprise Password Vault (EPV).
• Create and manage new safes, onboard privileged accounts, and maintain account lifecycle within CyberArk.
• Support end-user access requests related to privileged accounts and vault access.
• Assist with periodic account reviews, hygiene efforts, and privileged access governance.
• Support infrastructure-related tasks over time, including patching, configuration updates, and environment maintenance (as needed).
• Perform all administration duties for credential vaulting solutions.
• Engineer and maintain solutions to ensure vaulting systems align with defined policies and security standards.
• Develop and support account hygiene best practices across privileged and non-privileged accounts.
• Provide IAM representation on technical projects and enterprise initiatives as needed.
• Partner with IT and engineering teams to integrate applications and services with IAM and PAM platforms.
• Support process improvement and automation initiatives within authentication and privileged access domains.

Benefits

• The base compensation is one component of the total rewards package offered to our employees, including optional health and welfare insurance (medical/dental/vision/life/disability); paid holidays, vacation, and sick time off; and matching 401(k) plan and matching employee stock purchase plan.