Identity & PAM Security Engineer

Accountabilities

• Design, implement, and manage privileged access controls including Privileged Identity Management (PIM), just-in-time (JIT) access, approval workflows, and role assignments.


• Define and maintain secure administrative access processes for high-risk roles, privileged sessions, and emergency break-glass accounts.


• Lead access review and certification processes, ensuring remediation actions are completed and access remains aligned with least-privilege principles.


• Manage the lifecycle of service accounts, machine identities, secrets, API keys, and credentials, including rotation, monitoring, and decommissioning.


• Configure and maintain conditional access policies, MFA enforcement, and identity risk-based security controls.


• Design and implement automation for identity workflows, including approvals, access provisioning, reporting, and remediation processes.


• Collaborate with Security, Infrastructure, and Engineering teams to enhance identity security across cloud and enterprise environments.


• Support security audits, compliance requirements, incident response, and identity-related investigations.


• Contribute to the evolution of identity governance, PAM strategies, and security operations best practices.


• Improve identity security tooling, documentation, and operational processes to increase scalability and resilience.

Requirements

• 4+ years of experience in Identity & Access Management (IAM), Cloud Security, Infrastructure Security, or Security Engineering roles.


• Hands-on experience with identity platforms such as Microsoft Entra ID and Google Cloud IAM.


• Strong understanding of identity security principles including least privilege, RBAC, MFA, conditional access, and privileged access management.


• Experience managing service accounts, machine identities, secrets management, and credential rotation at scale.


• Proven ability to design or operate PAM or identity governance processes in complex environments.


• Experience building automation using tools such as PowerShell, Python, APIs, or workflow orchestration platforms.


• Strong analytical and problem-solving skills with a security-first mindset.


• Experience working with SIEM tools, log analysis platforms, or security monitoring systems is a plus.


• Familiarity with tools such as HashiCorp Vault, Azure Key Vault, or Google Secret Manager is advantageous.


• Relevant certifications such as SC-300, AZ-500, CISSP, or CCSP are considered a strong plus.


• Excellent communication, documentation, and stakeholder management skills.


• Ability to work effectively in distributed, fast-paced, and collaborative engineering environments.

Benefits

• Competitive salary with performance-based quarterly bonuses.


• Remote-first working model with flexibility across working hours.


• 28 days of paid annual leave.


• Core working hours with flexibility outside of defined collaboration windows.


• Top-tier equipment provided to support your work.


• Referral bonuses and performance-based flash bonuses.


• Annual company retreats with international team collaboration opportunities.


• Opportunity to work in a highly technical, security-focused environment.


• Exposure to modern cloud identity, PAM, and enterprise security architectures.


• Strong emphasis on autonomy, ownership, and continuous improvement.


• Collaborative and globally distributed team culture.

Deze vacature komt van ats_lever. Originele vacature bekijken ↗