Senior IAM Engineer – CyberArk

Role Overview

• Assess the client’s current production environment, identify operational risks and process gaps, and implement a scalable, business-aligned PAM/identity framework that strengthens control, reduces operational friction, and supports long-term operational resilience.
• Work closely with business and technology leaders to drive PAM and identity initiatives that directly support production operations, ensuring access processes are efficient, sustainable, and aligned to the organization’s operating model.
• Evaluate existing identity and privileged-access operating models — from access request flows and lifecycle processes to role structures, separation of duties, and certification cycles — identifying where the client’s production operations can be strengthened, streamlined, or matured.
• Design and evolve privileged access and identity solutions that not only meet security requirements but also fit seamlessly into the client’s day-to-day operational model, producing actionable architectures and frameworks that elevate production reliability and accountability.
• Build automated, self-service, and resilient privileged access and identity capabilities that reduce manual workload, enhance operational consistency, and minimize disruption across production environments.
• Implement customizations to address customer business requirements.
• Participate in security and application troubleshooting and incident problem resolutions with other infrastructure teams, including storage, messaging, server, and network.
• Collaborate with various stakeholders, including IT teams, security teams, and business units, to implement effective and efficient identity and access management solutions.
• Provide engineering support for complex and recurring incidents related to IAM platforms and perform root causes analysis in accordance with customer policies and standards.
• Responsible for the standards, design, and operation of Sailpoint, BeyondTrust, CyberArk and related environments.

Requirements

• Bachelor’s degree in Engineering, Information Technology, Computer Science, or related discipline preferred
• 5 + years of experience leading PAM and identity improvements in active production environments, with a focus on operational readiness, risk reduction, and scalable process design, required
• Experience with cloud environments such as Azure/Entra/AWS/GCP cloud environments a bonus
• Microsoft Certified IT Professional (Enterprise Administrator) preferred.
• CISSP certification is a plus
• Either CyberArk Certified Privilege Cloud (CPC) Delivery Engineer OR CyberArk Certified Delivery Engineer (CDE) preferred
• Strong command of IAM/PAM foundations — including SSO, SCIM, OAuth, SAML, encryption, and PKI — and how these controls contribute to secure, dependable production operations.
• Practical experience with the Microsoft ecosystem — AD, DNS, Group Policy, O365/Exchange, and Azure/Entra ID — to ensure privileged access and identity controls integrate smoothly into production systems and daily operational activities.
• Excellent communication skills, both verbal and written are required.
• Solid understanding of how Role Based Access Control (RBAC) works in large, distributed environments.
• Solid understanding of cybersecurity principles and best practices.
• Excellent problem-solving and analytical skills.
• Experience working with PAM systems
• Experience with MFA protocols and techniques.

Tech Stack

• AWS
• Azure
• Cloud
• Cyber Security
• DNS
• Google Cloud Platform

Benefits

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities.
• "Optiv Chips In" encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home.