Overview
Remote
On Site
$65 - $80 hourly
Contract - W2
Contract - Temp
Skills
Technical Drafting
Identity Management
Scalability
Provisioning
Access Control
System Monitoring
Patch Management
Hardening
Collaboration
Security Operations
Documentation
Auditing
Mentorship
CISSP
Lifecycle Management
Authentication
Authorization
SSO
Multi-factor Authentication
Directory Services
Active Directory
Scripting
Windows PowerShell
Python
Onboarding
IDPS
IT Service Management
JIRA
Service Management
ServiceNow
SailPoint
Sarbanes-Oxley
Regulatory Compliance
Management
Amazon Web Services
Microsoft Azure
CyberArk
Continuous Integration
Continuous Delivery
Cloud Computing
DevOps
Workflow
SIEM
Artificial Intelligence
Messaging
Job Details
RESPONSIBILITIES:
Kforce is looking for a Senior IAM Engineer for a remote, contract to hire opportunity. The ideal candidate will architect end-to-end privileged access solutions, collaborate with cross-functional teams, and ensure the success of CyberArk deployments, while supporting integrations with SailPoint and other IAM platforms.
Responsibilities:
* Design, architect, and deploy enterprise-grade CyberArk Privileged Access Management (PAM) solutions that align with organizational security and compliance objectives
* Lead the technical design and implementation of broader Identity and Access Management (IAM) solutions across the enterprise, ensuring scalability, automation, and alignment with business and security requirements
* Develop and maintain automation scripts (e.g., PowerShell, Python, REST APIs) to enhance provisioning, access control, and system monitoring processes
* Implement secure configurations, patch management, and least privilege models across CyberArk components and integrated systems
* Perform security baseline and hardening in line with industry (NIST, CIS) benchmarks
* Collaborate with Security Operations to monitor privileged accounts for anomalies or abuse, participate in incident investigations, and contribute to response for security events
* Lead integrations between CyberArk and enterprise identity, authentication solutions (e.g., Azure AD/Entra ID, Okta, AWS IAM)
* Ensure PAM and IAM controls meet regulatory and audit requirements (NIST, SOX, NYDFS).
* Maintain thorough documentation and evidence for audits
* Work closely with infrastructure, application, and audit teams to translate privileged access requirements into secure, scalable designs
* Provide technical mentorship, promote security best practices, and contribute to the evolution of enterprise IAM standards and security posture
REQUIREMENTS:
* (Preferred) CyberArk Guardian, CyberArk Sentry, CyberArk Defender, CISSP, GIAC Certifications, or similar credentials
* 8+ years of proven experience implementing, configuring, and managing CyberArk Privilege Cloud and Identity Security Platform Shared Services (ISPSS) in enterprise environments
* Deep understanding of secure design, onboarding, policy configuration, and lifecycle management in cloud-native deployments
* Strong background in designing scalable and secure CyberArk Privilege Cloud architectures that integrate with hybrid identity environments (on-prem, AWS, Azure)
* Broad understanding of IAM principles including authentication, authorization, SSO, MFA, and directory services (Active Directory, Azure AD, Okta)
* Proficiency in scripting languages such as PowerShell, Python, or REST APIs to automate PAM operations, onboarding, and integrations across CyberArk and related systems
* Demonstrated success integrating CyberArk Privilege Cloud with enterprise platforms such as IDPs (Entra ID, Okta), ITSM (Jira Service Management, ServiceNow), and identity governance solutions (SailPoint)
* Knowledge of regulatory and security frameworks such as NIST, CIS, SOX, and NYDFS, with the ability to map PAM controls to compliance requirements
* Experience managing privileged access and secrets in AWS and Azure environments, leveraging CyberArk's cloud connectors and ISPSS services
* (Preferred) Proficiency integrating PAM solutions into CI/CD pipelines, cloud-native platforms, and DevOps workflows
* (Preferred) Familiarity with automating access reviews, integrating PAM telemetry into SIEM platforms (InsightIDR, Sentinel), and driving ongoing security posture enhancements
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
Kforce is looking for a Senior IAM Engineer for a remote, contract to hire opportunity. The ideal candidate will architect end-to-end privileged access solutions, collaborate with cross-functional teams, and ensure the success of CyberArk deployments, while supporting integrations with SailPoint and other IAM platforms.
Responsibilities:
* Design, architect, and deploy enterprise-grade CyberArk Privileged Access Management (PAM) solutions that align with organizational security and compliance objectives
* Lead the technical design and implementation of broader Identity and Access Management (IAM) solutions across the enterprise, ensuring scalability, automation, and alignment with business and security requirements
* Develop and maintain automation scripts (e.g., PowerShell, Python, REST APIs) to enhance provisioning, access control, and system monitoring processes
* Implement secure configurations, patch management, and least privilege models across CyberArk components and integrated systems
* Perform security baseline and hardening in line with industry (NIST, CIS) benchmarks
* Collaborate with Security Operations to monitor privileged accounts for anomalies or abuse, participate in incident investigations, and contribute to response for security events
* Lead integrations between CyberArk and enterprise identity, authentication solutions (e.g., Azure AD/Entra ID, Okta, AWS IAM)
* Ensure PAM and IAM controls meet regulatory and audit requirements (NIST, SOX, NYDFS).
* Maintain thorough documentation and evidence for audits
* Work closely with infrastructure, application, and audit teams to translate privileged access requirements into secure, scalable designs
* Provide technical mentorship, promote security best practices, and contribute to the evolution of enterprise IAM standards and security posture
REQUIREMENTS:
* (Preferred) CyberArk Guardian, CyberArk Sentry, CyberArk Defender, CISSP, GIAC Certifications, or similar credentials
* 8+ years of proven experience implementing, configuring, and managing CyberArk Privilege Cloud and Identity Security Platform Shared Services (ISPSS) in enterprise environments
* Deep understanding of secure design, onboarding, policy configuration, and lifecycle management in cloud-native deployments
* Strong background in designing scalable and secure CyberArk Privilege Cloud architectures that integrate with hybrid identity environments (on-prem, AWS, Azure)
* Broad understanding of IAM principles including authentication, authorization, SSO, MFA, and directory services (Active Directory, Azure AD, Okta)
* Proficiency in scripting languages such as PowerShell, Python, or REST APIs to automate PAM operations, onboarding, and integrations across CyberArk and related systems
* Demonstrated success integrating CyberArk Privilege Cloud with enterprise platforms such as IDPs (Entra ID, Okta), ITSM (Jira Service Management, ServiceNow), and identity governance solutions (SailPoint)
* Knowledge of regulatory and security frameworks such as NIST, CIS, SOX, and NYDFS, with the ability to map PAM controls to compliance requirements
* Experience managing privileged access and secrets in AWS and Azure environments, leveraging CyberArk's cloud connectors and ISPSS services
* (Preferred) Proficiency integrating PAM solutions into CI/CD pipelines, cloud-native platforms, and DevOps workflows
* (Preferred) Familiarity with automating access reviews, integrating PAM telemetry into SIEM platforms (InsightIDR, Sentinel), and driving ongoing security posture enhancements
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.