Lead the build, configuration, and deployment of secure email, messaging, authentication (MFA, SSO), and identity lifecycle management solutions.
Develop and implement new IAM capabilities and enhancements as outlined in the IAM strategic roadmap.
Recommend and integrate additional IAM solutions or controls to improve frontline security defences.
Participate in the deployment and initial configuration of new IAM technologies, ensuring alignment with standards and best practices.
Establish and enforce IAM policies and procedures to maintain compliance with relevant regulations.
Coordinate with cross-functional teams to ensure seamless integration and operation of IAM solutions.
Provide training and support to users on IAM policies, procedures, and technologies.
Act as the escalation point for complex IAM issues, maintaining operational excellence and continuous improvement in IAM processes.
Engineer and enhance Identity Access Management (IAM) solutions to strengthen organizational security and support a zero-trust architecture.
Drive the development and integration of authentication, lifecycle governance, and customer IAM capabilities in line with strategic security objectives.
Collaborate across teams to ensure robust, compliant, and user-friendly IAM processes and technologies.
Requirements
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Information Security, or a closely related field (or equivalent combination of education and experience)
Many roles accept relevant professional experience in lieu of a degree, but a 4-year degree remains the most common baseline.
Professional experience in IAM or related cybersecurity fields — typically 3–7+ years depending on the role level (e.g., 3–5 years for mid-level IAM Engineer; 5–10+ for senior/principal roles).
Hands-on experience with identity lifecycle management, access provisioning/de-provisioning, or access reviews is highly valued.
Strong knowledge of core IAM concepts and protocols — including authentication, authorization, RBAC (Role-Based Access Control), PBAC, SSO (Single Sign-On), MFA (Multi-Factor Authentication), federation, and standards like SAML, OAuth 2.0, OIDC, LDAP, and JWT.
Hands-on experience with leading IAM platforms/tools — such as Okta, SailPoint, Microsoft Entra ID (Azure AD), Ping Identity/ForgeRock, CyberArk (for PAM), Saviynt, or similar.
Familiarity with at least one or two major vendors is often explicitly required.
Experience with directory services and identity stores — particularly Active Directory (AD), Entra ID/Azure AD, LDAP directories, or cloud identity solutions. Many roles emphasize hybrid/on-premises + cloud directory management.
Understanding of compliance, regulatory frameworks, and security standards — knowledge of NIST, ISO 27001, GDPR, HIPAA, SOX, PCI-DSS, COBIT, or Zero Trust principles.
Ability to align IAM processes with audit and governance requirements is critical.
Cloud platform familiarity — experience integrating IAM with major cloud providers like AWS IAM, Azure AD/Entra ID, Google Cloud Identity, or multi-cloud environments. Cloud IAM is now a near-universal expectation.
Scripting and automation skills — proficiency in languages/tools such as PowerShell, Python, JavaScript, REST APIs, or BeanShell for automating IAM workflows, custom connectors, or integrations.
Strong communication and collaboration skills — excellent verbal and written English communication (critical for English-speaking roles), ability to explain complex IAM concepts to both technical and non-technical stakeholders (e.g., business leaders, auditors), and experience working cross-functionally in teams.
Relevant certifications (preferred or required in many postings) — common ones include CISSP, CISM, Okta Certified Professional, SailPoint Certified IdentityIQ Engineer, Microsoft Certified: Identity and Access Administrator, GIAC certifications, or vendor-neutral ones like Certified Identity and Access Manager (CIAM) from Identity Management Institute.
Fluency in English language.
Tech Stack
AWS
Azure
Cloud
Cyber Security
JavaScript
Python
Benefits
Competitive salary package with annual bonus
Company car
Multisport card
Additional life insurance
Long term, international career growth & opportunities
Options to purchase CHEP/Brambles shares
3 Days paid leave for volunteering
Employee´s pension insurance plan (up to CZK 4100 monthly contribution)
25 the days of the annual holiday
5 sick days
Meal vouchers (225 CZK daily)
Cafeteria system to spend on health, culture, traveling, education, and purpose