IAM Security Engineer (Okta, CyberArk, AD, RSA)

IAM Security Engineer (Okta, CyberArk, AD, RSA)

100% Remote

6+ Months

Job Description:

We are seeking an experienced Identity & Access Management (IAM) Security Engineer with hands-on expertise in Okta, CyberArk, Active Directory, and RSA SecurID. The consultant will be responsible for user lifecycle management, privileged access administration, directory services, and secure authentication integrations while ensuring compliance, security best practices, and seamless platform operations across the enterprise.

This role is combined now as 1 role with AD and RSA SecureID roles in this opportunity request. only 1 consultant with all 3 qualifications/skills.

Provide Client with Okta platform integration consulting services (as time allows) as follows, but not limited to:

• Provisioning and deprovisioning user accounts, groups, and entitlements.
• Managing role-based access controls and application assignments.
• Reviewing and approving access requests.
• Monitoring and troubleshooting failed authentications and login issues.
• Monitoring security dashboards for suspicious login activity or anomalies.
• Performing periodic access certifications and entitlement reviews.
• Ensuring compliance with company security policies and regulatory frameworks (SOX, etc.).
• Coordinating with Security Operations teams for incident response related to identity events.
• Maintaining integrations with Active Directory/LDAP.
• Applying patches, updates, and feature releases from Okta.
• Running scheduled reports on access, inactive accounts, and login trends.
• Reviewing system health dashboards and alerts.
• Tracking license utilization and optimizing tenant usage.
• Provide documentation of Okta configuration as required
• Additional Client directed tasks on the Okta platform

Provide Client with CyberArk on-premises platform integration consulting services (as time allows) as follows, but not limited to:

• Onboarding new privileged accounts, credentials, and systems into CyberArk.
• Maintaining and rotating privileged account passwords and SSH keys according to policy.
• Deprovisioning accounts when no longer required.
• Managing account ownership assignments and approvals.
• Monitoring the health and performance of CyberArk components (Vault, PVWA, CPM, PSM, etc.).
• Applying patches, hotfixes, and version upgrades.
• Configuring new platforms, connectors, and plug-ins for various target systems.
• Administering safes, permissions, and access policies.
• Enforcing least privilege through policy configurations and session controls.
• Managing Privileged Session Manager (PSM) and monitoring privileged session recordings.
• Reviewing and approving privileged access requests.
• Investigating failed password rotations, vault connectivity, or policy sync issues.
• Troubleshooting onboarding errors and session connection issues.
• Running reports on privileged account usage and password rotations.
• Provide documentation of CyberArk configuration as required
• Additional Client directed tasks on the CyberArk platform

Provide Client with Active Directory platforms integration consulting services (as time allows) as follows, but not limited to:

• Creating, modifying, and disabling user accounts.
• Managing security and distribution groups, memberships, and group policies.
• Handling access requests and entitlement changes.
• Onboarding and offboarding users based on HR feeds or standard workflows.
• Providing leading practice for architecture of managing synchronization between on-premises AD and Azure AD (via AAD Connect).
• Maintaining and monitoring account provisioning and deprovisioning.
• Managing password policies, resets, and lockouts.
• Monitoring replication and health of domain controllers.
• Managing DNS, DHCP, and AD Sites & Services.
• Performing regular backups and restore tests of Active Directory.
• Applying security patches and updates to AD and Azure AD environments.
• Resolving user login, authentication, and access issues.
• Troubleshooting synchronization issues between AD and Azure AD.
• Supporting hybrid join and device registration issues.
• Provide documentation of Active Directory configuration as required
• Additional Client directed tasks on the platform

Provide Client with RSA platform integration consulting services (as time allows) as follows, but not limited to:

• Provisioning new SecurID users and assigning tokens per Client policy
• Managing token lifecycle (activation, replacement, resynchronization, revocation, deactivation).
• Handling lost, stolen, or locked tokens and issuing temporary access.
• Coordinating token distribution (hardware or software)
• Reviewing and updating access policies in line with security requirements
• Applying patches, hotfixes, and software updates as needed
• Reviewing privileged accounts and administrator roles within RSA
• Producing usage reports for audits and compliance reviews