Security Engineer designing and implementing security measures to protect Snap Inc.'s infrastructure. Collaborating across teams while focusing on threat detection and response strategies.
EX
Hybrid Security Engineer – Identity, Privileged Access Management (IAM, PAM)
Posted 2 months ago
About the role
- Security Engineer at Exegy responsible for IAM & PAM. Collaborate with teams to ensure secure identity and access management.
Responsibilities
- Design, implement, and maintain IAM and PAM platforms supporting workforce, privileged, and service identities
- Enforce least-privilege access models, role-based access control (RBAC), and attribute-based access control (ABAC) where appropriate
- Implement strong authentication controls, including MFA, conditional access, and phishing-resistant authentication
- Manage privileged identities for administrative, infrastructure, cloud, and application accounts
- Eliminate shared, standing, and unmanaged privileged accounts through vaulting, just-in-time (JIT) access, and session recording
- Lead initiatives to identify and remediate over-provisioned access, orphaned accounts, and excessive entitlements
- Design and operate access review and certification processes in collaboration with GRC and business owners
- Integrate IAM with HR systems and ITSM to automate joiner, mover, and leaver workflows
- Partner with Risk and GRC teams to align IAM/PAM controls to ISO 27001, NIST, CIS Controls, and regulatory requirements
- Support security incident investigations related to identity misuse, credential compromise, or privilege escalation
Requirements
- 5+ years of experience in information security or identity engineering, with deep focus on IAM and/or PAM programs
- Hands-on experience designing, implementing, and operating enterprise IAM and PAM platforms (e.g., Azure AD / Entra ID, Okta, Ping, CyberArk, BeyondTrust, Delinea, HashiCorp Vault, or comparable solutions)
- Proven experience building and maintaining RBAC models, automating joiner-mover-leaver workflows, and leading entitlement cleanup initiatives
- Strong working knowledge of modern authentication and authorization protocols (SAML, OAuth, OIDC, LDAP, Kerberos)
- Experience integrating identity systems across cloud platforms, SaaS applications, on-prem infrastructure, and CI/CD pipelines
- Demonstrated experience reducing access-related audit findings and closing identity control gaps
- Working knowledge of common security and compliance frameworks (e.g., ISO 27001 Annex A, NIST SP 800-53, CIS Controls), with emphasis on access control and identity safeguards
- Ability to translate security and compliance requirements into practical, scalable identity controls that support business operations
- Comfortable communicating access risk, least-privilege principles, and control decisions to both technical and non-technical stakeholders
- Relevant security or identity certifications (e.g., CISSP, CISM, GIAC, or IAM/PAM vendor certifications) are beneficial but not required.
Benefits
- Health insurance
- Flexible work arrangements
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
IT Security & Compliance Head at Lonza leading security strategy and managing global risk. Collaboration with senior leadership to enhance information security across Capsules & Health Ingredients business.
Senior Security Manager leading security for Sanofi meetings and events across North America. Ensuring compliance with global meeting policies and managing event security operations in high - stake environments.
Security Officer maintaining safety protocols at Aloft New Orleans. Responsible for patrolling, monitoring security systems, and assisting guests with safety - related concerns.
Security Detection Specialist responsible for detecting cybersecurity incidents using advanced security technologies. Analyzing data feeds and leveraging security tools for incident detection and reporting.
Senior Incident Response Engineer at Walmart focusing on security threat campaigns to enhance detection and response capabilities. Collaborating with SOC and engineering teams to improve security posture.
Head of Infrastructure & Security at Kinatico, a RegTech leader, focused on cloud infrastructure and security governance. Leading a technically deep team of cloud engineers and security specialists in a hybrid environment.
Security Engineer at KAYAK responsible for implementing security improvements and managing security tools in Berlin office infrastructure. Collaborating with teams to monitor incidents and enhance security protocols.
Security Supervisor responsible for loss prevention and safety at WarHorse Gaming casino in Omaha. Ensuring compliance with regulations and managing security team operations.
Security Shift Manager overseeing security operations at WarHorse Gaming Omaha. Responsible for team safety, compliance with regulations, and staffing in the security department.