Lead Security Architect at Synchrony focusing on Zero Trust networking across various environments. Partnering with teams to design and implement secure connectivity and policies.
EX
Hybrid Security Engineer – Identity, Privileged Access Management (IAM, PAM)
Posted 3 months ago
About the role
- Security Engineer at Exegy responsible for IAM & PAM. Collaborate with teams to ensure secure identity and access management.
Responsibilities
- Design, implement, and maintain IAM and PAM platforms supporting workforce, privileged, and service identities
- Enforce least-privilege access models, role-based access control (RBAC), and attribute-based access control (ABAC) where appropriate
- Implement strong authentication controls, including MFA, conditional access, and phishing-resistant authentication
- Manage privileged identities for administrative, infrastructure, cloud, and application accounts
- Eliminate shared, standing, and unmanaged privileged accounts through vaulting, just-in-time (JIT) access, and session recording
- Lead initiatives to identify and remediate over-provisioned access, orphaned accounts, and excessive entitlements
- Design and operate access review and certification processes in collaboration with GRC and business owners
- Integrate IAM with HR systems and ITSM to automate joiner, mover, and leaver workflows
- Partner with Risk and GRC teams to align IAM/PAM controls to ISO 27001, NIST, CIS Controls, and regulatory requirements
- Support security incident investigations related to identity misuse, credential compromise, or privilege escalation
Requirements
- 5+ years of experience in information security or identity engineering, with deep focus on IAM and/or PAM programs
- Hands-on experience designing, implementing, and operating enterprise IAM and PAM platforms (e.g., Azure AD / Entra ID, Okta, Ping, CyberArk, BeyondTrust, Delinea, HashiCorp Vault, or comparable solutions)
- Proven experience building and maintaining RBAC models, automating joiner-mover-leaver workflows, and leading entitlement cleanup initiatives
- Strong working knowledge of modern authentication and authorization protocols (SAML, OAuth, OIDC, LDAP, Kerberos)
- Experience integrating identity systems across cloud platforms, SaaS applications, on-prem infrastructure, and CI/CD pipelines
- Demonstrated experience reducing access-related audit findings and closing identity control gaps
- Working knowledge of common security and compliance frameworks (e.g., ISO 27001 Annex A, NIST SP 800-53, CIS Controls), with emphasis on access control and identity safeguards
- Ability to translate security and compliance requirements into practical, scalable identity controls that support business operations
- Comfortable communicating access risk, least-privilege principles, and control decisions to both technical and non-technical stakeholders
- Relevant security or identity certifications (e.g., CISSP, CISM, GIAC, or IAM/PAM vendor certifications) are beneficial but not required.
Benefits
- Health insurance
- Flexible work arrangements
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Enterprise Account Specialist engaging with key clients to design customized solutions within sales. Conducting market research and driving contract renewals for mid - to - large accounts.
Senior Product Go - to - Market & Partner Strategy role at Fortinet involving business development and product management in the cybersecurity sector.
Cybersecurity professional executing the cybersecurity program at Nightwing Intelligence Solutions. Responsible for RMF documentation, vulnerability assessments, and incident response in Sterling, VA.
Senior Network Security Engineer driving Zero Trust security fabric design and optimization at CRC Group. Hands - on role managing Zscaler and Palo Alto implementations across multi - cloud environments.
Lead Cybersecurity Engineer driving security testing automation at AT&T. Collaborating with teams to enhance security across telecom networks and systems.
Lead Business Analyst in the IAM Intake & Enablement team within Global Security. Driving IAM initiatives and enhancing access management at RBC.
Cybersecurity Intern supporting the Information Security team at Toyota Insurance. Assisting in developing security programs and conducting risk assessments for enterprise systems.
Cyber Security Intern contributing to security initiatives and real projects at Luminor Group in Estonia. Opportunity to learn and grow within a dynamic banking environment supporting Pan - Baltic operations.
Cyber Security Intern contributing to real projects in a dynamic banking environment with Luminor. Collaborating with interns and building practical skills through meaningful work.