Job ID: JOB_ID_4518
Job Title: IAM Engineer with PAM (Privileged Access Management)
We are looking for an experienced IAM Engineer with a strong background in Privileged Access Management (PAM) for an onsite contract role. The contract runs for 12 months.
Role Overview:
The PAM Lead will be responsible for researching and developing strategic standards and controls for securing non-human identities using modern privileged access concepts. This role requires close collaboration with Technology Risk to drive policies and standards and to implement robust security capabilities. You will serve as a subject matter expert for AI identity security, privileged access, assigned product portfolios, engineering guardrails, and preventative/detective controls.
Key Responsibilities:
- Researching and developing strategic standards and controls for securing non-human identities by employing modern privileged access concepts.
- Collaborating with Technology Risk to drive policies and standards and implement robust security capabilities.
- Serving as a subject matter expert for AI identity security, privileged access, assigned product portfolios, engineering guardrails, and preventative/detective controls.
- Supporting IAM encryption, data privacy strategies, and secure integrations with external vendors and cloud providers.
- Leading and ensuring success with cross-team stakeholder management through multiple formats (status updates, demos, training, and clarifying requirements).
- Integrating with enterprise security tools and platforms; identifying automation opportunities to improve security process accuracy and efficiency.
- Responding to security incidents, performing root cause analysis, and providing on-call support for IAM platforms.
- Supporting controls enforcement with Cloud IAM services (AWS IAM, Azure Entra ID).
Technical Requirements:
- Minimum 7+ years as an IAM Engineer with hands-on experience in privileged access technologies.
- Recent experience in agentic AI and securing OWASP Top 10 NHI risks.
- Strong understanding of agentic AI systems, including binding AI agents to enterprise identities, least privilege enforcement, policy-based guardrails, Model Context Protocol (MCP), mutual TLS, OAuth2 token exchanges, and AI security tools.
- Familiarity with API gateways, service meshes (Kong, Istio, Apigee), and machine identity management (certificates, workload IDs, SPIFFE/SPIRE).
- Experience with IAM automation and administration using Terraform, Ansible, Cloud-init, Pulumi, Python, and Unix/Windows systems.
- Strong proficiency in authentication technologies: SSO, federation protocols (SAML, OIDC, OAuth2), API authentication, SCIM, RBAC, ABAC, JIT provisioning, and zero-trust principles.
- Expertise in privileged access management, including credential vaulting, session management, and PAM/PAW models.
- Skilled in directory services and multi-cloud identity governance (Azure AD, AWS AD, Entra ID, Okta) and cloud IAM across AWS, Azure, and GCP.
- Awareness of open standards, threat modeling, insider threats, and continuous authentication.
- Strong organization, project delivery, communication, collaboration, and leadership skills.
- StrongDM, CyberArk, Azure Key Vault, AWS Secrets and other privileged solution areas are a plus.
Duration:
- 12 months
Location:
- Irvine, CA – Onsite
Employment Type:
- Contract
Special Requirements
Onsite role. Requires strong understanding of agentic AI systems, privileged access management, and cloud IAM. Experience with specific tools like StrongDM, CyberArk, Azure Key Vault, AWS Secrets is a plus.
Compensation & Location
Salary: $60 – $60 per year
Location: Irvine, CA
Recruiter / Company – Contact Information
Email: an.k@itechus.net