Exegy

Security Engineer – Identity, Privileged Access Management (IAM, PAM)

full-time

Location Type: Hybrid

Location: St. Louis, Montana, United States

About the role

  • Design, implement, and maintain IAM and PAM platforms supporting workforce, privileged, and service identities
  • Enforce least-privilege access models, role-based access control (RBAC), and attribute-based access control (ABAC) where appropriate
  • Implement strong authentication controls, including MFA, conditional access, and phishing-resistant authentication
  • Manage privileged identities for administrative, infrastructure, cloud, and application accounts
  • Eliminate shared, standing, and unmanaged privileged accounts through vaulting, just-in-time (JIT) access, and session recording
  • Lead initiatives to identify and remediate over-provisioned access, orphaned accounts, and excessive entitlements
  • Design and operate access review and certification processes in collaboration with GRC and business owners
  • Integrate IAM with HR systems and ITSM to automate joiner, mover, and leaver workflows
  • Partner with Risk and GRC teams to align IAM/PAM controls to ISO 27001, NIST, CIS Controls, and regulatory requirements
  • Support security incident investigations related to identity misuse, credential compromise, or privilege escalation

Requirements

  • 5+ years of experience in information security or identity engineering, with deep focus on IAM and/or PAM programs
  • Hands-on experience designing, implementing, and operating enterprise IAM and PAM platforms (e.g., Azure AD / Entra ID, Okta, Ping, CyberArk, BeyondTrust, Delinea, HashiCorp Vault, or comparable solutions)
  • Proven experience building and maintaining RBAC models, automating joiner-mover-leaver workflows, and leading entitlement cleanup initiatives
  • Strong working knowledge of modern authentication and authorization protocols (SAML, OAuth, OIDC, LDAP, Kerberos)
  • Experience integrating identity systems across cloud platforms, SaaS applications, on-prem infrastructure, and CI/CD pipelines
  • Demonstrated experience reducing access-related audit findings and closing identity control gaps
  • Working knowledge of common security and compliance frameworks (e.g., ISO 27001 Annex A, NIST SP 800-53, CIS Controls), with emphasis on access control and identity safeguards
  • Ability to translate security and compliance requirements into practical, scalable identity controls that support business operations
  • Comfortable communicating access risk, least-privilege principles, and control decisions to both technical and non-technical stakeholders
  • Relevant security or identity certifications (e.g., CISSP, CISM, GIAC, or IAM/PAM vendor certifications) are beneficial but not required.

Benefits

  • Health insurance
  • Flexible work arrangements

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
IAM, PAM, RBAC, ABAC, MFA, SAML, OAuth, OIDC, LDAP, Kerberos

Soft skills
communication, leadership, collaboration, problem-solving, risk management

Certifications
CISSP, CISM, GIAC, IAM certification, PAM certification