Key skills
AWSAzureCloudCyber SecurityJavaScriptPythonPowerShellGoogle CloudIAMAzure ADEntra IDOAuthJWTOktaSAMLLDAPActive DirectoryIdentity ManagementSSOSingle Sign-OnCommunicationCollaborationZero Trust
About this role
Role Overview
- Lead the build, configuration, and deployment of secure email, messaging, authentication (MFA, SSO), and identity lifecycle management solutions.
- Develop and implement new IAM capabilities and enhancements as outlined in the IAM strategic roadmap.
- Recommend and integrate additional IAM solutions or controls to improve frontline security defences.
- Participate in the deployment and initial configuration of new IAM technologies, ensuring alignment with standards and best practices.
- Establish and enforce IAM policies and procedures to maintain compliance with relevant regulations.
- Coordinate with cross-functional teams to ensure seamless integration and operation of IAM solutions.
- Provide training and support to users on IAM policies, procedures, and technologies.
- Act as the escalation point for complex IAM issues, maintaining operational excellence and continuous improvement in IAM processes.
- Engineer and enhance Identity Access Management (IAM) solutions to strengthen organizational security and support a zero-trust architecture.
- Drive the development and integration of authentication, lifecycle governance, and customer IAM capabilities in line with strategic security objectives.
- Collaborate across teams to ensure robust, compliant, and user-friendly IAM processes and technologies.
Requirements
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Information Security, or a closely related field (or equivalent combination of education and experience)
- Many roles accept relevant professional experience in lieu of a degree, but a 4-year degree remains the most common baseline.
- Professional experience in IAM or related cybersecurity fields — typically 3–7+ years depending on the role level (e.g., 3–5 years for mid-level IAM Engineer; 5–10+ for senior/principal roles).
- Hands-on experience with identity lifecycle management, access provisioning/de-provisioning, or access reviews is highly valued.
- Strong knowledge of core IAM concepts and protocols — including authentication, authorization, RBAC (Role-Based Access Control), PBAC, SSO (Single Sign-On), MFA (Multi-Factor Authentication), federation, and standards like SAML, OAuth 2.0, OIDC, LDAP, and JWT.
- Hands-on experience with leading IAM platforms/tools — such as Okta, SailPoint, Microsoft Entra ID (Azure AD), Ping Identity/ForgeRock, CyberArk (for PAM), Saviynt, or similar.
- Familiarity with at least one or two major vendors is often explicitly required.
- Experience with directory services and identity stores — particularly Active Directory (AD), Entra ID/Azure AD, LDAP directories, or cloud identity solutions. Many roles emphasize hybrid/on-premises + cloud directory management.
- Understanding of compliance, regulatory frameworks, and security standards — knowledge of NIST, ISO 27001, GDPR, HIPAA, SOX, PCI-DSS, COBIT, or Zero Trust principles.
- Ability to align IAM processes with audit and governance requirements is critical.
- Cloud platform familiarity — experience integrating IAM with major cloud providers like AWS IAM, Azure AD/Entra ID, Google Cloud Identity, or multi-cloud environments. Cloud IAM is now a near-universal expectation.
- Scripting and automation skills — proficiency in languages/tools such as PowerShell, Python, JavaScript, REST APIs, or BeanShell for automating IAM workflows, custom connectors, or integrations.
- Strong communication and collaboration skills — excellent verbal and written English communication (critical for English-speaking roles), ability to explain complex IAM concepts to both technical and non-technical stakeholders (e.g., business leaders, auditors), and experience working cross-functionally in teams.
- Relevant certifications (preferred or required in many postings) — common ones include CISSP, CISM, Okta Certified Professional, SailPoint Certified IdentityIQ Engineer, Microsoft Certified: Identity and Access Administrator, GIAC certifications, or vendor-neutral ones like Certified Identity and Access Manager (CIAM) from Identity Management Institute.
- Fluency in English language.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- JavaScript
- Python
Benefits
- Competitive salary package with annual bonus
- Company car
- Multisport card
- Additional life insurance
- Long term, international career growth & opportunities
- Options to purchase CHEP/Brambles shares
- 3 Days paid leave for volunteering
- Employee´s pension insurance plan (up to CZK 4100 monthly contribution)
- 25 the days of the annual holiday
- 5 sick days
- Meal vouchers (225 CZK daily)
- Cafeteria system to spend on health, culture, traveling, education, and purpose