IAM Engineer II – PAM

Sheetz, Inc•Pittsburgh, PA

4d•Remote

About The Position

We are seeking an IAM Engineer II to lead the engineering, administration, and continuous improvement of enterprise Privileged Access Management (PAM) and Privileged Identity Management (PIM) capabilities. This role is responsible for designing and supporting secure privileged access solutions, credential vaulting, privileged session management, just-in-time elevation, service and non-human account governance, and administrative access controls across enterprise systems. The ideal candidate will work closely with IT and Cyber teams as well as business stakeholders to deliver secure, scalable, and compliant privileged access controls aligned to Zero Trust and least privilege principles. Candidate should possess strong experience with PAM/PIM platforms, privileged account lifecycle management, authentication and federation concepts, directory services, automation, and security operations in complex enterprise environments. Experience integrating privileged access solutions with IGA, SIEM, MFA, cloud platforms, and DevOps tooling is highly desirable. Experience with Delinea and HashiCorp is considered a plus. This role qualifies for a remote work arrangement within our 7 state footprint (PA, OH, MI, WV, VA, MD, NC). OVERVIEW Responsible for advanced design, administration, operation, and support of Identity and Access Management systems, integrations, and processes. Serve as a subject matter expert for Identity and Access Management practices while providing an escalation point and technical mentorship for junior team members. Lead technical projects, building scalable and complex automations, and integrations, between multiple systems and applications at the enterprise level. Design and implement custom IAM integrations, enhancements, and ensure adherence to governance, compliance, and business requirements. Lead engagement and collaboration with IAM teams and cross-functional stakeholders to deliver technical solutions that meet business and security requirements. Lead policy and standard refinement while managing lifecycles, access controls, and advanced configurations with area leadership.

Requirements

Minimum 5 years’ experience in Identity and Access Management or related field, with demonstrated expertise in IAM platforms and technologies, core IAM principals (least privilege, PAM, lifecycle management), directory services, authentication and authorization, RBAC, compliance initiatives, and IAM architecture, ports, and protocols required.
May utilize SailPoint, BeyondTrust, Saviynt, Delinea, ForgeRock, Ping Identity, Okta, CyberArk, Duo, Entra, Active Directory, etc
Minimum 1 year experience in a role leading IAM engineering and integration initiatives, including proven experience with Windows, Linux, and appliance network and server administration with minimal supervision and guidance required.

Nice To Haves

Experience integrating privileged access solutions with IGA, SIEM, MFA, cloud platforms, and DevOps tooling is highly desirable.
Experience with Delinea and HashiCorp is considered a plus.
IAM, cybersecurity, or similar certification is preferred.

Responsibilities

Lead the implementation of large-scale complex IAM projects, including new system rollouts, migrations, and upgrades to provide high-quality technical expertise in Identity and Access Management solutions that enhance security and operational efficiency by designing mitigations for compliance gaps and identity threats.
Act as the senior technical resource and escalation point for IAM-related issues and challenges, complex or high-priority identity issues, and mentor junior team members to develop skills and capabilities.
Drive innovation through the development of new integrations and workflows.
Collaborate with senior members and leadership to ensure IAM systems support the organization’s long-term security and IAM strategy, in measuring and monitoring essential KPIs and metrics.
Design and enhance workflows while coordinating with IAM teams, IT, and other business units to ensure seamless Identity and Access Management processes and experiences.
Lead the development, documentation, and refinement of IAM technical records such as standard operating procedures (SOPs), workflows, diagrams, end-user training materials, and job aids for identity and access tasks ensuring alignment with security, compliance, and governance standards.
Participate in IAM Implementation / Deployment / Documentation projects, providing technical input and executing assigned deliverables as required.
Ensure solutions and completion of Identity and Access Management tasks comply with organizational security policies, regulatory requirements, and audit standards.
Monitor identity systems, processes, and trends reporting potential issues or remediations to the appropriate teams.
Participate in on-call rotation, provide evening and weekend support as needed. Sheetz is open 24/7/365 and as such, our internal and external customers may require support at any time.