Overview
The IAM Engineer is responsible for designing, implementing, and managing the organization’s identity and access management solutions. The role requires deep expertise in ISVA (Identity Services and Verification Automation) and CyberArk for privileged access management, ensuring secure, compliant, and efficient access to systems and applications across the enterprise. The engineer will collaborate with IT, Security, and Compliance teams to enforce identity governance, manage privileged accounts, and implement security best practices for access control.
Key Responsibilities
- Identity and Access Management Administration
Administer and maintain ISVA solutions for identity verification, user provisioning / deprovisioning, and access request automation.
Implement and manage CyberArk Privileged Access Management (PAM) solutions including Vault configuration, policies, safe management, and session monitoring.Ensure the secure onboarding and offboarding of users and privileged accounts.Monitor and enforce identity policies, access reviews, and compliance requirements.Privileged Access Management (CyberArk)Manage privileged accounts, credentials, and access workflows using CyberArk.
Configure and maintain CyberArk components such as Vault, CPM (Central Policy Manager), PSM (Privileged Session Manager), and PVWA (Password Vault Web Access).Implement least-privilege principles, access approval workflows, and automated credential rotation.Monitor privileged access sessions and generate audit reports for compliance and governance purposes.Identity Governance & CompliancePerform periodic access reviews and audits to ensure compliance with internal policies and external regulations (ISO 27001, SOX, GDPR).
Maintain documentation of access policies, workflows, and IAM configurations.Collaborate with internal audit and compliance teams during assessments.Integration & AutomationIntegrate IAM solutions with enterprise systems (Active Directory, LDAP, HR systems, cloud platforms, SaaS applications).
Automate provisioning / deprovisioning processes to reduce manual effort and mitigate risk.Support IAM-related automation for privileged account management, access requests, and approval workflows.Investigate and resolve IAM-related incidents, including login issues, access failures, and policy violations.Conduct root cause analysis for recurring access or security issues and implement preventative measures.Provide 24x7 support for critical IAM and PAM incidents when needed.Documentation & ReportingMaintain up-to-date IAM architecture diagrams, configuration guides, and operational SOPs.
Generate reports for user access, privileged account usage, and compliance audits.Provide recommendations for improvements in identity and access controls.Required Qualifications & Skills
Experience : 6+ years in Identity and Access Management or Security Administration.Technical Skills :Strong experience with ISVA (Identity Services and Verification Automation) for identity lifecycle management.Hands-on experience with CyberArk PAM including Vault, CPM, PSM, PVWA, and policies.Strong understanding of Active Directory, LDAP, SSO / SAML / OAuth , and identity federation protocols.Familiarity with access certification, RBAC (Role-Based Access Control), and least-privilege principles.Knowledge of identity governance and compliance frameworks (ISO, SOX, GDPR).Experience in integrating IAM / PAM solutions with cloud and on-premises systems.Preferred Qualifications :Certifications : CyberArk Trustee, Defender, or Sentry ; Certified Identity and Access Manager (CIAM) .Experience with other IAM tools like SailPoint, Okta, Ping Identity , or Azure AD .Knowledge of scripting for automation (PowerShell, Python, etc.).Seniority level
Mid-Senior levelEmployment type
Full-timeJob function
Engineering and Information TechnologyIndustries : Software Development#J-18808-Ljbffr
