Cyber Security Engineer PAM/IAM

Job Overview

The Cybersecurity Engineer (PAM / IAM / Cloud Security) is responsible for implementing, managing, and securing identity and access systems across on-premises and cloud environments. This role ensures that privileged accounts, user access, and cloud resources are properly secured, monitored, and compliant with organizational policies and regulatory standards.

Key Responsibilities1. PAM (Privileged Access Management)

• Implement, configure, and manage PAM solutions (e.g., CyberArk, BeyondTrust, Thycotic, Delinea, Azure PIM).
• Define and enforce least privilege principles and privileged session management.
• Monitor and audit privileged account activity to detect and prevent misuse.
• Automate password rotation, vaulting, and credential management processes.
• Conduct periodic privileged access reviews and compliance audits.

2. IAM (Identity and Access Management)

• Design and maintain IAM frameworks aligned with Zero Trust principles.
• Manage user provisioning, de-provisioning, and access lifecycle using tools like Okta, Azure AD, Ping Identity, SailPoint, or One Identity.
• Integrate IAM systems with cloud and enterprise applications (SSO, MFA, RBAC, SCIM).
• Develop and enforce access control policies, authentication mechanisms, and identity governance.
• Work with HR and IT to ensure access alignment during employee onboarding/offboarding.

3. Cloud Security

• Secure cloud environments (AWS, Azure, GCP) by enforcing Identity & Access controls (IAM roles, policies).
• Implement cloud-native security tools (e.g., Azure Defender, AWS IAM, GuardDuty, Security Hub).
• Perform configuration reviews, vulnerability assessments, and threat monitoring for cloud resources.
• Support incident response, risk mitigation, and compliance within the cloud infrastructure.
• Collaborate with DevOps teams to integrate security into CI/CD pipelines (DevSecOps).

4. Security Operations & Compliance

• Assist in incident investigation and response related to identity breaches or cloud threats.
• Develop and maintain security documentation, policies, and runbooks.
• Ensure compliance with frameworks such as ISO 27001, SOC 2, NIST, GDPR, or HIPAA.
• Provide technical guidance and training to internal teams on PAM, IAM, and Cloud Security best practices.

Required Skills and ExperienceTechnical Skills

• Strong knowledge of Identity Governance, PAM, and MFA technologies.
• Hands-on experience with tools such as CyberArk, BeyondTrust, Thycotic, Delinea, SailPoint, Okta, Azure AD.
• Familiarity with Azure / AWS security models and Zero Trust architecture.
• Understanding of Active Directory, LDAP, SSO, OAuth, SAML, SCIM, and OpenID Connect.
• Experience with PowerShell, Python, or Bash scripting for automation.
• Good grasp of network security, firewalls, and endpoint protection concepts.

Soft Skills

• Strong analytical and problem-solving skills.
• Excellent communication and teamwork abilities.
• Detail-oriented with a focus on risk mitigation and compliance.
• Ability to manage multiple priorities in a fast-paced environment.

Education & Certifications

• Bachelor's degree in Computer Science, Information Security, or related field.
• Preferred Certifications:
• CompTIA Security+, CySA+, or CASP+
• Microsoft Certified: Azure Security Engineer Associate
• AWS Certified Security – Specialty
• Certified Identity and Access Manager (CIAM)
• Certified Information Systems Security Professional (CISSP)
• CyberArk / SailPoint / Okta certification (preferred)

Job Type: Full-time

Pay: $66,171.36-$153,517.28 per year

Ability to commute/relocate:

• Toronto, ON (Toronto District): reliably commute or plan to relocate before starting work (required)

Application question(s):

• What is your monthly current salary?
• What is your monthly expected salary?
• What is your notice period?

Education:

• Bachelor's Degree (preferred)

Experience:

• Cybersecurity Engineer: 3 years (required)

Work Location: In person