Sr. Identity Access Management (IAM) Engineer

Hyundai Capital · Irvine, CA
22h · Hybrid

About The Position

The Sr. Identity & Access Management (IAM) Engineer - CyberArk will serve as the technical lead for the organization’s Privileged Access Management (PAM) and Identity platforms, with a primary focus on CyberArk Privilege Cloud. This role is hands-on and operationally focused, and is responsible for the design, configuration, security, and day-to-day management of CyberArk Privilege Cloud, including PSM and CPM infrastructure components. In addition, the role will provide technical leadership and architectural guidance across the broader IAM ecosystem, including SailPoint (IGA) and Ping Identity (authentication and federation).

Requirements

  • Minimum 8 years of progressive experience in Identity & Access Management or cybersecurity engineering roles.
  • Hands-on experience with CyberArk, including Privilege Cloud, PSM, and CPM.
  • Experience working in regulated or security-sensitive environments.
  • Experience providing technical oversight or leadership for managed service providers (MSP/MSSP).
  • Bachelor’s degree in Computer Science, Information Systems, or Cybersecurity (or equivalent experience/degree).
  • Deep expertise in Privileged Access Management (PAM) concepts and implementations.
  • Strong working knowledge of CyberArk Privilege Cloud, PSM, CPM, and credential vaulting.
  • Working knowledge of SailPoint IdentityIQ/IdentityNow and Ping Identity (PingFederate, PingAccess, PingOne).
  • Understanding of authentication protocols (SAML, OIDC, OAuth, LDAP).
  • Familiarity with cloud and hybrid environments, specifically AWS IAM capabilities and best practices.
  • Experience with scripting or automation (PowerShell, Python) is a plus.
  • Familiarity with automation and scripting (Python, PowerShell, Terraform) for bulk onboarding or interacting with CyberArk infrastructure.
  • Proficiency in IAM frameworks and protocols (SAML, OIDC, OAuth 2.0, MFA, etc.)
  • Strong problem-solving and troubleshooting skills.
  • Excellent communication skills to articulate technical concepts to technical and non-technical stakeholders.
  • Ability to provide clear technical direction to internal teams and external partners.
  • Strategic thinker with the ability to align cybersecurity architectures with business and regulatory goals.
  • Detail-oriented with a strong focus on security, reliability, and operational excellence.

Nice To Haves

  • Hands-on experience supporting or integrating SailPoint and Ping Identity platforms preferred.
  • Experience with AWS IAM capabilities and best practices preferred.
  • Experience in financial services, with an understanding of financial threats (e.g., fraud, data breaches) and regulations (e.g., PCI DSS, Korean SOX, GDPR) preferred.
  • CyberArk certifications (e.g., Defender, Sentry) preferred.
  • IAM or security certifications such as CISSP, CISM, or equivalent preferred.

Responsibilities

  • Privileged Access Management - CyberArk
    · Serve as the primary technical owner for CyberArk Privilege Cloud.
    · Design, configure, and manage CyberArk PSM and CPM components, including connectors, platform onboarding, and vault integrations.
    · Onboard, manage, and maintain privileged accounts across on-prem and cloud environments.
    · Implement and maintain session management, credential rotation, and least privilege controls.
    · Troubleshoot and resolve complex CyberArk-related incidents and performance issues.
    · Lead upgrades, configuration changes, and feature enablement within CyberArk Privilege Cloud.
  • MSP Direction and Operational Oversight
    · Provide technical direction and day-to-day oversight of the MSP supporting CyberArk.
    · Review MSP deliverables, configurations, and operational activities for quality, security, and compliance.
    · Define runbooks, SOPs, and escalation procedures for PAM operations.
    · Act as the escalation point for complex issues.
  • IAM Platform Engineering & Integration
    · Provide hands-on engineering support and architectural guidance for SailPoint (identity governance) and Ping Identity (SSO, MFA, federation).
    · Partner with infrastructure, application, and cloud teams to integrate IAM and PAM controls into enterprise platforms and business applications.
    · Contribute to AWS IAM platform engineering and best practices.
    · Support lifecycle automation, access reviews, authentication flows, and entitlement management across IAM systems.
    · Ensure consistent application of IAM standards, patterns, and security best practices.
    · Create and maintain architecture diagrams, technical documentation, and operational runbooks.
    · Collaborate with Security Operations, Infrastructure, Cloud, and Application teams to improve identity security posture.
  • Security, Risk, and Compliance Alignment
    · Ensure PAM and IAM solutions align with regulatory and audit requirements (e.g., SOX, PCI, SOC 2, ISO 27001).
    · Support audits by providing evidence, documentation, and technical explanations of IAM and PAM controls.
    · Identify and remediate access-related risks, including orphaned accounts, excessive privileges, and policy gaps.

Benefits

  • Medical, dental, and vision plans with no-cost and low-cost options
  • Annual employer HSA contribution
  • 401(k) matching and immediate vesting
  • Vehicle purchase and lease discounts, plus monthly vehicle allowances by job level:
    o Associate / Sr. Associate: $350
    o Manager / Sr. Manager: $600
    o Director: $800
    o Executive Director: $900
    o VP or Above: $1,000
  • 100% employer-paid life and disability insurance
  • No-cost health and wellbeing programs, including a gym benefit
  • Six weeks of paid parental leave
  • Paid Volunteer Time Off, plus a company donation to a charity of your choice