Principal IAM Engineer
EPM Responsibilities
- Deploy, configure, and manage Endpoint Privilege Management (EPM) solutions across hybrid environments (on‑premises and cloud).
- Design and manage endpoint privilege policies to enforce least privilege and reduce attack surface using RBAC and Zero Trust principles.
- Develop, configure, and maintain automation scripts and tools (PowerShell, Python) to manage EPM policies and operational tasks.
- Gather business and security requirements; create implementation plans and roll out new or updated EPM policies for endpoints and user groups.
- Perform regular health checks, monitoring, and tuning of EPM implementations to ensure policy enforcement and visibility of privileged activity.
- Execute ongoing activities such as testing, upgrading, patching, and troubleshooting EPM agents across endpoints.
- Manage privileged accounts and secrets within Privileged Access Management (PAM) platforms.
- Support operational processes including password rotation, session monitoring, auditing, and logging of privileged access.
- Conduct access reviews, compliance validation, and audit reporting for privileged accounts, secrets, and policies.
- Lead onboarding of servers, service accounts, applications, and platforms into Privilege Cloud using CyberArk connectors and plugins.
- Resolve incidents and service requests related to PAM and EPM configurations, access issues, and policy enforcement.
- Create and maintain documentation, SOPs, KB articles, and deliver training sessions on PAM/EPM best practices and standard use cases.
CyberArk EPV Skills
- Architect, deploy, and manage CyberArk EPV components such as Vault, CPM, PSM, CCP, PVWA, and REST integrations.
- Lead enterprise onboarding of privileged accounts across Windows, Linux, network devices, Citrix infrastructure, databases, applications, and cloud environments.
- Design and implement CyberArk EPM for endpoint privilege control on both Windows and macOS.
- Define governance standards, including safe design, access control models, credential rotation policies, and session monitoring and recording.
- Lead PAM lifecycle activities covering onboarding, migration, upgrades, disaster recovery, and performance tuning.
Active Directory (AD) Responsibilities
- Manage and support Active Directory (on‑prem) infrastructure, including users, groups, computers, GPOs, and OU structures.
- Administer privileged AD accounts (Domain Admins, Enterprise Admins, Tier‑0 accounts) in alignment with PAM controls.
- Design and enforce Group Policies (GPOs) for security hardening, endpoint configuration, and privilege control.
- Support AD account lifecycle management (joiner, mover, leaver) and delegation models.
- Perform AD security reviews, identify misconfigurations, and remediate risky permissions.
- Support AD audit logging, monitoring, and integration with SIEM platforms.
- Assist with domain migrations and consolidations; troubleshoot time synchronization, AD and DFSR replication, AD-integrated DNS, and trust configuration issues.
Azure Active Directory / Entra ID Responsibilities
- Administer Azure Active Directory (Entra ID) for user, group, role, and device management.
- Manage Azure privileged roles (Global Admin, Privileged Role Admin, Application Admin, etc.) using PIM and PAM controls.
- Implement and maintain Conditional Access policies, MFA enforcement, and identity security best practices.
- Support Azure AD application integrations, service principals, and managed identities.
- Configure and monitor Azure AD audit logs, sign‑in logs, and integrate with SIEM tools.
- Support hybrid identity scenarios (Azure AD Connect / Cloud Sync).
- Conduct regular access reviews for Azure AD privileged roles and applications.
- Assist with identity governance, least privilege adoption, and zero standing access initiatives.
What We’re Looking For
Experience & Technical Skills
- 13+ years of experience in Privileged Access Management (PAM) and Endpoint Privilege Management (EPM) across design, engineering, and operations.
- Hands‑on experience with leading PAM/EPM solutions such as CyberArk, BeyondTrust, or equivalent enterprise tools.
- Strong experience with Active Directory and Azure AD / Entra ID administration in enterprise environments.
- Proficiency in scripting and automation using PowerShell, Python, and related tools.
- Experience with endpoint deployment tools such as SCCM & Intune.
- Solid understanding of incident management, change management, and regulatory controls (SOX, PCI, etc.).
- Experience configuring logging, monitoring, and troubleshooting tools such as CrowdStrike and SIEM platforms.
Professional Skills
- Strong interpersonal and consultative skills with the ability to work across security, infrastructure, and business teams.
- Ability to prioritize and execute tasks effectively in high‑pressure, production environments.
- Excellent written and verbal communication skills.
- Proven ability to work in a team‑oriented, collaborative environment.
- Ability to operate with minimal supervision, exercising autonomy and sound judgment within defined responsibilities.