Lead IAM Security Engineer- CyberArk PAM
Role details
Job location
Tech stack
Job description
This position is not intended for candidates whose primary experience consists of day-to-day IAM administration, ticket resolution, or operational support. Routine Tier 1 and Tier 2 administration is handled by an external support partner. The successful candidate will focus on engineering, innovation, and long-term program development.
What We're Looking For
We are seeking professionals who:
- Challenge the status quo and identify opportunities for improvement.
- Drive IAM program maturity through engineering and modernization.
- Develop strategic roadmaps and execute long-term initiatives.
- Automate manual processes to improve efficiency and reduce risk.
- Design scalable IAM solutions rather than perform routine operational work.
- Partner effectively with third-party service providers while maintaining ownership of strategic initiatives.
- Bring a strong engineering and problem-solving mindset.
Primary Focus Areas
Successful candidates should expect to spend 90%+ of their time on:
- IAM program maturity
- Identity engineering
- Roadmap development and execution
- Enterprise integration planning
- Process improvement initiatives
- Partner governance
- Automation and orchestration
- Audit readiness and compliance improvements
Less than 10% of the role involves:
- Routine operational support
- Manual access certifications
- Administrative IAM tasks
Example Initiatives
Examples of the type of work expected include:
- Expanding enterprise application integrations into the IAM platform.
- Building and executing strategic IAM roadmaps.
- Identifying and securing non-human identities and service accounts.
- Developing PKI and certificate management strategies.
- Automating audit evidence collection and compliance reporting.
- Designing scalable identity governance processes.
Requirements
- Approximately 5+ years of Identity & Access Management experience (exceptional candidates with fewer years but significant accomplishments will be considered).
- Demonstrated success improving, modernizing, or implementing enterprise IAM programs.
- Experience developing strategic IAM solutions rather than performing primarily operational support.
- Strong engineering, analytical, and problem-solving skills.
- Ability to work independently while partnering across technical and business teams.
Preferred Technical Experience
Experience with one or more of the following technologies is highly desirable:
- CyberArk Privileged Access Management (PAM)
- Palo Alto PAM solutions
- Identity Governance & Administration (IGA) platforms
- Microsoft Identity solutions
- Single Sign-On (SSO)
- Access Management
- Authentication and Identity Federation technologies
Preferred Certifications
The following certifications are considered a plus:
- CyberArk certifications
- Identity Governance (IGA) certifications
- Microsoft Identity certifications