Full-time - Sr. CyberArk PAM Engineer with Entra ID

E-Solutions
New York, NY

Role: Sr. CyberArk PAM Engineer with Entra ID

Location: New York, NY 10017 (100% Onsite – No flexibility)

Role Summary

We are seeking a Senior / Principal IAM & PAM Implementation Engineer with deep hands-on experience in Microsoft Entra ID (Azure AD) and CyberArk Privileged Access Management, combined with AI / GenAI identity security exposure, to support financial services and highly regulated clients.

This role is execution-driven and operates in mission-critical environments where identity failures directly impact business continuity, regulatory compliance, and customer trust. The engineer will design, implement, and operate IAM and PAM controls aligned to Zero Trust principles, audit requirements, and financial industry regulations.

Key Responsibilities

Identity & Access Management (Microsoft Entra ID / Azure AD)

• Design and implement, hands-on, Microsoft Entra ID solutions in regulated, production-critical environments

• Design and enforce Conditional Access, MFA, passwordless authentication, and device-based access

• Integrate internal and third-party applications using SAML, OAuth 2.0, and OIDC

• Implement identity lifecycle (JML), RBAC, access reviews, and entitlement management

• Maintain role-based access control (RBAC) aligned with least privilege principles.

• Support IAM integrations with CyberArk PAM, DLP, and security platforms where applicable.

• Troubleshoot complex sign-in, token, MFA, PRT, and policy enforcement issues with minimal user disruption

Privileged Access Management (CyberArk PAM)

• Hands-on deployment and administration of CyberArk components: Vault, PSM, CPM, Secrets Management

• Onboard privileged accounts across servers, databases, network, cloud, and service identities

• Enforce least privilege, credential rotation, session recording, and approval workflows

• Integrate CyberArk with Microsoft Entra ID for identity-driven privileged access.

• Monitor privileged access activity and investigate suspicious or non-compliant usage.

• Support PAM audits, regulatory reviews, and emergency access scenarios (break-glass)

AI / GenAI Identity Security

• Implement identity and access controls for AI and GenAI platforms (e.g., Microsoft Copilot, enterprise AI workloads)

• Secure:

o AI service identities and service principals

o API access and automation credentials

o AI training and inference access pipelines

• Align IAM and PAM controls with enterprise AI governance, model risk, and data protection standards

Governance, Compliance & Risk

• Implement IAM and PAM controls aligned with financial services regulatory expectations and internal risk & audit frameworks

• Support audits and compliance reviews (e.g., access evidence, privileged access reports)

• Design and maintain audit-ready documentation, including:

o Architecture diagrams

o Policy definitions

o Access workflows and operational procedures

• Participate in identity-related incident response, RCA, and remediation activities

Delivery & Client Engagement

• Lead IAM/PAM implementations from design through production rollout

• Work closely with security leadership, risk & compliance teams, application owners, and auditors and regulators (as required)

• Provide clear, pragmatic recommendations balancing security, usability, and regulatory compliance

• Act as a trusted technical advisor to clients in high-stakes environments

Required Skills & Experience

Mandatory (Hands-on)

• 8–15 years of IAM / Security engineering experience in regulated environments

• Strong hands-on experience with:

o Microsoft Entra ID (Azure AD)

o CyberArk PAM (Vault, PSM, CPM, Secrets)

• Conditional Access, MFA, Passwordless, RBAC

• SAML, OAuth 2.0, OpenID Connect

• Production troubleshooting in large enterprise environments

Regulated Industry Experience

• Experience supporting financial services, banking, insurance, or similarly regulated clients

• Exposure to audit, compliance, or risk workflows related to identity and privileged access

• Comfort operating under strict change management and approval processes

Nice to Have

• Identity Governance (PIM, Access Reviews)

• SIEM integrations (Azure Sentinel, Splunk)

• PowerShell / automation for IAM & PAM

• Zero Trust architecture implementation experience

Soft Skills

• Strong hands-on engineering mindset (not architecture-only).

• Process-driven mindset with strong documentation discipline.

• Pragmatic problem solver with strong risk awareness

• Excellent client communication and stakeholder management skills. Clear communication with technical and business stakeholders.

• Ability to build long-term, trusted relationships.

• Calm and methodical approach in high-impact production incidents. Ability to support incidents under pressure.

Preferred Certifications

• Microsoft SC-300 / AZ-104 / AZ-900

• CyberArk PAM certifications

• Security or identity-related certifications (preferred)
