Identity Cloud Engineer

Fidelity National Financial, Jacksonville, FL

About The Position

The Identity Governance & Administration team is seeking an Identity Cloud Engineer with deep expertise in Azure, Microsoft Entra ID, and Privileged Access Management to drive enterprise-wide standardization in how access is defined, assigned, protected, and governed. This role focuses on building consistent patterns, access models, governance frameworks, and PAM integrations rather than traditional infrastructure engineering. The engineer will shape how identities, applications, service principals, and privileged accounts are modeled and controlled across cloud and hybrid environments.

The ideal candidate understands Azure identity, Entra ID, and CyberArk at a strategic and technical level, translating security, compliance, and governance requirements into repeatable configurations, templates, workflows, and control models. They will ensure access is standardized, governed, auditable, and aligned to Zero Trust principles—reducing identity risk while improving operational consistency across the enterprise.

Requirements

  • BS in Computer Science or Business with emphasis in IT or equivalent.
  • 3+ years of experience with Azure and Microsoft Entra ID identity configuration.
  • 3+ years of experience working with CyberArk technologies. Devolutions experience is a plus.
  • Strong knowledge of Windows Server, Linux/Unix, Active Directory, LDAP, SQL Server, Azure AD/Entra ID.
  • Proficiency with PowerShell; working knowledge of Python.
  • Experience with REST APIs, certificate management, and secrets automation.
  • Strong understanding of Entra ID components, including Conditional Access, MFA, PIM, Identity Protection, App Registrations, and Enterprise Applications.
  • Experience defining role models, RBAC structures, and access governance patterns.

Nice To Haves

  • Governance-focused mindset
  • Strong analytical and documentation skills
  • Ability to define and enforce standards
  • Cross-functional communication skills
  • Attention to detail and commitment to consistency

Responsibilities

  • Develop and maintain standardized access patterns across Azure and Microsoft Entra ID, including role designs, approval workflows, RBAC models, and application integration standards.
  • Define governance frameworks for group-based access, privileged elevation, application onboarding, and identity lifecycle management.
  • Maintain naming conventions, tagging standards, metadata requirements, and standardized role/entitlement structures for Azure and Entra ID.
  • Partner with security, compliance, cloud, and application teams to ensure consistent adoption of identity and access standards.
  • Implement and maintain consistent Entra ID configurations such as Conditional Access baselines, MFA/security settings, Managed Identity patterns, and standardized SSO/provisioning templates.
  • Support application and workload teams in configuring access models aligned with identity standards.
  • Troubleshoot access issues, misconfigurations, and inconsistent access patterns across cloud resources.
  • Support access reviews, entitlement management, and lifecycle workflows by ensuring standardized roles, groups, and access packages exist and are governed.
  • Design access packages, role definitions, workflow templates, and lifecycle automation for identities, groups, service principals, and app registrations.
  • Establish and enforce lifecycle standards for app registrations, service principals, permissions, ownership, and deprovisioning.
  • Ensure applications integrate cleanly with IGA platforms with well‑structured entitlements that support classification, governance, and access certifications.
  • Design, deploy, configure, and maintain CyberArk PAM solutions across on-premises, hybrid, and Azure cloud environments.
  • Administer CyberArk components such as EPV, PVWA, PSM/PSMP, CCP, CPM, CP, PTA, Conjur, and EPM.
  • Integrate CyberArk with Azure services, Azure AD, Kubernetes, CI/CD pipelines, containers, and cloud-native workloads.
  • Manage privileged accounts, credentials, secrets, and machine identities across servers, databases, network devices, and cloud platforms.
  • Perform ongoing platform operations including upgrades, patching, tuning, DR testing, hardening, and health monitoring.
  • Troubleshoot PAM issues involving authentication, connectivity, session management, plugin behavior, and access workflows.
  • Build automation (PowerShell, Python, REST API) for onboarding, provisioning, secret rotation, and lifecycle workflows.
  • Develop or update custom connectors, plugins, and onboarding templates for non-standard systems.
  • Support audits, risk assessments, and remediation aligned with PAM best practices and Zero Trust.
  • Educate engineering, cloud, and application teams on identity and PAM best practices.
  • Partner with IAM, DevOps, security operations, and cloud engineering to ensure access models and PAM integrations align with enterprise architecture.
  • Maintain documentation for standards, patterns, runbooks, architecture diagrams, and operational processes.