Security Engineer – Identity & Privileged Access Management (IAM & PAM)

About The Position

Requirements

• 5+ years of experience in information security or identity engineering, with deep focus on IAM and/or PAM programs
• Hands-on experience designing, implementing, and operating enterprise IAM and PAM platforms (e.g., Azure AD / Entra ID, Okta, Ping, CyberArk, BeyondTrust, Delinea, HashiCorp Vault, or comparable solutions)
• Proven experience building and maintaining RBAC models, automating joiner-mover-leaver workflows, and leading entitlement cleanup initiatives
• Strong working knowledge of modern authentication and authorization protocols (SAML, OAuth, OIDC, LDAP, Kerberos)
• Experience integrating identity systems across cloud platforms, SaaS applications, on-prem infrastructure, and CI/CD pipelines
• Demonstrated experience reducing access-related audit findings and closing identity control gaps
• Working knowledge of common security and compliance frameworks (e.g., ISO 27001 Annex A, NIST SP 800-53, CIS Controls), with emphasis on access control and identity safeguards
• Ability to translate security and compliance requirements into practical, scalable identity controls that support business operations
• Effective partner to IT, Security, HR, and business teams to align identity controls with real-world workflows
• Comfortable communicating access risk, least-privilege principles, and control decisions to both technical and non-technical stakeholders
• Organized and process-oriented, with the judgment to balance security rigor, operational efficiency, and user experience

Nice To Haves

• Exposure to regulated environments such as SOX, PCI-DSS, HIPAA, or similar compliance frameworks
• Experience working with identity governance (IGA) platforms, access reviews, or access analytics
• Relevant security or identity certifications (e.g., CISSP, CISM, GIAC, or IAM/PAM vendor certifications) are beneficial but not required

Responsibilities

• Design, implement, and maintain IAM and PAM platforms supporting workforce, privileged, and service identities
• Enforce least-privilege access models, role-based access control (RBAC), and attribute-based access control (ABAC) where appropriate
• Implement strong authentication controls, including MFA, conditional access, and phishing-resistant authentication
• Manage privileged identities for administrative, infrastructure, cloud, and application accounts
• Eliminate shared, standing, and unmanaged privileged accounts through vaulting, just-in-time (JIT) access, and session recording
• Ensure privileged access is time-bound, approved, logged, and auditable
• Lead initiatives to identify and remediate over-provisioned access, orphaned accounts, and excessive entitlements
• Design and operate access review and certification processes in collaboration with GRC and business owners
• Integrate IAM with HR systems and ITSM to automate joiner, mover, and leaver workflows
• Partner with Risk and GRC teams to align IAM/PAM controls to ISO 27001, NIST, CIS Controls, and regulatory requirements
• Perform periodic access risk assessments and provide remediation recommendations
• Develop metrics that demonstrate risk reduction, such as decreased standing privileged access, faster de-provisioning, and reduced audit findings
• Support security incident investigations related to identity misuse, credential compromise, or privilege escalation
• Ensure IAM and PAM logs integrate with SIEM and monitoring platforms for visibility and alerting