About the role

Systems Engineer II managing identity access controls across cloud platforms. Collaborating with teams to ensure identity security for financial services using cutting-edge technology.

Responsibilities

Engineer, implement, and support Privileged Access Management (PAM) solutions including vaulting, session control, and Just-In-Time (JIT) privileged access.
Administer and maintain secrets management platforms including credential onboarding, vault configuration, and automated password/secret rotation.
Support lifecycle management of non-human identities (service and workload accounts) including provisioning, governance, ownership validation, and deprovisioning.
Support enterprise certificate lifecycle management including issuance, renewal, revocation, and automation via approved platforms.
Participate in the design, testing, and implementation of automation workflows related to privileged identity and certificate management.
Provide operational support including system configuration, troubleshooting, incident response, and participation in 24x7 on-call rotation.
Produce reporting and analytics related to privileged access, secrets rotation posture, certificate health, and non-human identity governance.
Maintain technical documentation, policies, configuration standards, and operational runbooks to ensure secure and consistent platform management.
Collaborate with Security, Infrastructure, Cloud, DevOps, Audit, and external partners to resolve issues, support compliance requirements (e.g., PCI), and protect the integrity and confidentiality of systems and data.

Bachelor’s degree or equivalent experience.
2–5 years of experience in IAM, Security Engineering, or Infrastructure Security.
Hands-on experience with one or more: PAM platforms (Delinea, CyberArk, etc.) Secrets management tools (Vault, Secret Server) AWS IAM Enterprise PKI / certificate management.
Experience administering Active Directory service accounts.
Working knowledge of: RBAC and least privilege principles JIT access concepts Service/workload identity security Scripting experience (PowerShell, Python, or Bash).
Familiarity with REST APIs and automation tooling.
Network troubleshooting knowledge (TCP/IP, DNS, firewall rules).
Experience in regulated environments (PCI preferred).
Strong troubleshooting and documentation skills.
Ability to deliver in a fast-paced environment.
Excellent interpersonal skills and highly customer oriented.
Excellent written and verbal communication skills.

Healthcare Coverage – Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
Paid Time Off – Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
12 weeks of Paid Parental Leave
Maven Family Planning – provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.