Job Overview:

The Senior Identity Access Management (IAM) Engineer will lead the design, implementation, and optimization of CyberArk Privileged Access Management (PAM) solutions, serving as the primary subject matter expert for CyberArk across the organization. This role requires advanced technical skills in CyberArk architecture, deployment, and operations, as well as a strong understanding of identity governance, access management, and security best practices. The ideal candidate will architect end-to-end privileged access solutions, collaborate with cross-functional teams, and ensure the success of CyberArk deployments, while supporting integrations with SailPoint and other IAM platforms.

Key Responsibilities

• CyberArk Solution Architecture: Design and implement CyberArk PAM solutions that meet organizational requirements. Lead technical design and architecture for complex CyberArk deployments, including integrations with enterprise systems (Active Directory, LDAP, cloud platforms).
• Implementation & Configuration: Oversee installation, configuration, and customization of CyberArk, including Safe policy management, PSM connectors, CPM, password rotation, and privileged account onboarding.
• Stakeholder Engagement: Collaborate with business and IT stakeholders to understand requirements and translate them into CyberArk solutions aligned with security and governance goals.
• Privileged Access Lifecycle Management: Develop and maintain privileged access lifecycle processes (onboarding, offboarding, access certification, RBAC, access reviews).
• Integration Expertise: Implement integrations with cloud platforms (Azure AD, Okta, AWS IAM), ServiceNow, and other enterprise applications.
• Security & Compliance: Ensure CyberArk solutions meet security, compliance, and auditing requirements (NIST, CIS, HIPAA, GDPR, etc.). Support audit requests and maintain documentation for completeness and accuracy.
• Automation & Optimization: Identify opportunities for process automation and operational efficiency improvements within the CyberArk platform.
• Disaster Recovery: Setup and maintain multi-region active-active environments in AWS for CyberArk.
• Mentorship & Leadership: Provide mentorship and guidance to junior team members and drive best practices for CyberArk development and implementation.
• Troubleshooting & Support: Troubleshoot complex issues related to CyberArk and privileged access management systems. Provide ongoing support and performance tuning for deployed solutions.  Must be available after hours in the event of any outage of the identity platforms.
• Documentation: Maintain thorough documentation for CyberArk configurations, workflows, integrations, and policies.
• Continuous Improvement: Stay up-to-date with the latest CyberArk features, industry trends, and best practices, and bring innovative solutions to the table.
• Provide support for audit requests including privileged access reviews and session recordings.
• Maintain completeness and accuracy for onboarding all privileged accounts and systems into CyberArk.
• Implement security hardening and best practices for CyberArk infrastructure.

Required Skills & Qualifications

• Experience: 7+ years in identity and access management (IAM), with at least 5 years of hands-on experience with CyberArk.
• Technical Expertise: Deep knowledge of CyberArk architecture, provisioning, Safe policy management, PSM connectors, CPM, password rotation, and privileged access management.
• Design and deploy PSM connectors for various platforms including Windows, Unix/Linux, databases, and network devices.
• Enterprise Integration: Strong experience integrating CyberArk solutions into enterprise environments (Active Directory, LDAP, Office 365, cloud apps).
• IAM Best Practices: Knowledge of IAM frameworks, security models, and access control principles (RBAC, ABAC, least privilege, segregation of duties).
• Security and Compliance: Understanding of regulatory and compliance requirements related to IAM and privileged access.
• Tools and Technologies: Experience with CyberArk, SailPoint, ServiceNow, Okta, Microsoft Azure AD, AWS IAM, and related IAM tools.
• Project Management: Ability to manage multiple tasks, prioritize, and deliver on-time in a fast-paced, dynamic environment. Experience with agile methodologies is a plus.
• Problem Solving: Strong analytical and troubleshooting skills for complex privileged access issues.
• Proficiency with CyberArk APIs (REST API, PACLI) for automation and integration.
• Experience with CyberArk SaaS/Privilege Cloud platform preferred.
• Communication Skills: Excellent verbal and written communication skills, able to communicate technical concepts to both technical and non-technical stakeholders.
• Certifications (Preferred): CyberArk Certified, CISSP, CISM, or other IAM-related certifications.
• Education: Bachelor’s degree in Computer Science, Information Technology, Engineering, or a related field. Master’s degree or relevant certifications is a plus.

Additional Desired Skills

• Experience with SailPoint and other IAM platforms.
• Experience with identity federation, single sign-on (SSO), and multi-factor authentication (MFA).
• Familiarity with DevOps practices and CI/CD pipelines for IAM solutions.
• Expertise in identity governance workflows, access reviews, and certification campaigns.

System One, and its subsidiaries including Joulé, ALTA IT Services, and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

#M-
#LI-
#DI-

Ref: #431-IT Tampa

#LI-BS1
#M1