- Company Name: Exegy
- Job Title: Security Engineer – Identity & Privileged Access Management (IAM & PAM)
- Job Description:
**Job Title**
Security Engineer – Identity & Privileged Access Management (IAM & PAM)
**Role Summary**
Design, implement, and maintain IAM and PAM solutions to enforce least‑privilege, secure access, and regulatory compliance. Bridge security, operations, HR, and business teams to automate identity lifecycle, reduce over‑provisioned access, and provide continuous improvement of identity controls.
**Expectations**
- 5+ years of experience in information security or identity engineering with a deep focus on IAM/PAM.
- Hands‑on design and operation of enterprise IAM/PAM platforms (Azure AD/Entra, Okta, Ping, CyberArk, BeyondTrust, Delinea, HashiCorp Vault, etc.).
- Proven work building RBAC/ABAC models, automating joiner‑mover‑leaver workflows, and leading entitlement cleanup.
- Strong knowledge of SAML, OAuth, OIDC, LDAP, Kerberos, MFA, conditional access, and phishing‑resistant authentication.
- Experience integrating identity systems across cloud (Azure, AWS, GCP), SaaS, on‑prem, and CI/CD pipelines.
- Demonstrated ability to reduce audit findings and close identity control gaps.
- Familiarity with ISO 27001 Annex A, NIST SP 800‑53, CIS Controls, and regulated environments (SOX, PCI‑DSS, HIPAA).
- Excellent communication with technical and non‑technical stakeholders; organized, process‑oriented, and collaborative.
**Key Responsibilities**
- Design, implement, and maintain IAM/PAM platforms for workforce, privileged, and service identities.
- Enforce least‑privilege models via RBAC/ABAC, MFA, conditional access, and phishing‑resistant authentication.
- Manage privileged identities, implement vaulting, just‑in‑time access, session recording, and time‑bound approvals.
- Lead access governance: identify over‑provisioned accounts and orphaned access, and develop access certification processes.
- Automate joiner‑mover‑leaver workflows by integrating IAM with HR and ITSM systems.
- Conduct periodic access risk assessments and provide remediation recommendations; develop metrics to demonstrate risk reduction.
- Support incident investigations involving identity misuse, credential compromise, or privilege escalation.
- Ensure IAM/PAM logs are integrated with SIEM and monitoring platforms for visibility and alerting.
- Collaborate with Risk, GRC, IT Operations, HR, and application owners to align controls with business objectives.
**Required Skills**
- IAM/PAM expertise (Azure AD/Entra, Okta, Ping, CyberArk, BeyondTrust, Delinea, HashiCorp Vault).
- RBAC, ABAC, dynamic provisioning, JIT, vaulting, session recording.
- Authentication/authorization protocols (SAML, OAuth, OIDC, LDAP, Kerberos).
- Integration across cloud, SaaS, on‑prem, CI/CD.
- SIEM integration, monitoring, alerting.
- Governance, compliance, audit remediation (ISO 27001, NIST, CIS).
- Strong scripting/automation (PowerShell, Python).
- Ability to communicate risk and justify controls to diverse stakeholders.
**Required Education & Certifications**
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
- Certifications beneficial but not mandatory: CISSP, CISM, GIAC, IAM/PAM vendor certifications (CyberArk, Okta, Azure AD).