Identity Management Consultant

Job Description

Job Title: Engineer – Identity Access Manager / Sr. Engineer – IAM

Experience : 3 to 6 Years

Function : IT Security / Identity & Access Management

Location: Bengaluru, Karnataka

Position Type: Full-Time

About the Role

We are hiring for our IAM team: an Engineer – IAM (L2) focused on operational support, troubleshooting, escalation, and platform improvements.

Role requires hands-on and strong experience with CyberArk Privileged Access Management (PAM) and Google Cloud Platform (GCP) IAM.

You will ensure secure privileged access, enforce least-privilege controls, support incident response, and collaborate with security, infrastructure, and compliance teams to maintain a resilient access posture.

What You'll Do

CyberArk Operations: Perform day-to-day tasks in CyberArk (Vault, PVWA, CPM, PSM): onboarding/offboarding accounts, safe management, password rotations, and routine configuration changes.

Advanced CyberArk Administration: Lead complex CyberArk activities:

safe/policy design, CPM/PSM tuning, Vault administration, integrations with target systems, and troubleshooting replication or performance issues.

GCP IAM Architecture & Governance: Design and implement GCP IAM role models, least-privilege strategies, organization policies, and service account lifecycle management.

Incident Response & RCA: Lead investigations for escalated incidents, perform root cause analysis, and implement corrective actions.

Automation & Integration: Develop automation (PowerShell, Python, bash) for onboarding, credential rotation, reporting.

Platform Improvements & Hardening: Propose and implement enhancements, hardening, upgrades, and performance improvements for PAM and cloud IAM tooling.

Audit & Compliance Leadership: Drive complex access reviews, produce audit artifacts, and implement remediation plans for findings.

Cross-Functional Collaboration: Partner with security architects, cloud teams, and application owners to design secure access patterns and support projects and migrations.

Mentorship & Knowledge Sharing: Mentor L1 engineers, review runbooks, and lead knowledge transfer sessions.

Hands-On L1 Support & Team Enablement: Actively perform L1 operational tasks during peak load, backlogs, or on-call rotations to ensure SLA adherence; pair with L1 engineers on tickets to accelerate resolution and transfer tacit knowledge.

Process & Capacity Improvements: Identify recurring operational gaps, update runbooks, implement automation or process changes, and help prioritize L1 backlog and training needs.

Escalation Ownership: Serve as the primary technical escalation point for L1 issues, coordinating fixes, workarounds, and follow-ups until closure.

Required Qualifications:

Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field.

Experience: 3–6 years with significant IAM/PAM experience in enterprise environments.

CyberArk: Deep hands-on experience administering Vault, PVWA, CPM, PSM; experience with integrations, high-availability, and upgrades.

GCP: Strong experience designing and operating GCP IAM at scale, including organization policies and service account governance.

Automation: Proficiency in scripting/automation (Python, PowerShell, or Cloud SDK) and experience building automation for IAM workflows.

Troubleshooting: Proven ability to perform advanced troubleshooting, RCA, and remediation.

Collaboration: Experience working with security architecture, cloud, and application teams on secure access designs.

Audit & Compliance: Experience supporting audits and implementing remediation for IAM/PAM findings.

Highly Desired (Bonus Points):

Certifications: CyberArk certifications (Defender/Trustee/Sentry), GCP Associate/Professional certifications, or relevant security certs (CISSP, CISM).

Other IAM Tools: Exposure to identity governance tools (SailPoint), SSO/MFA platforms (Okta, Azure AD), or secrets managers (Hashi Corp Vault).

SIEM/SOC Integration: Experience integrating PAM events with SIEM and working with SOC processes.

Cloud Security: Broader cloud security experience across AWS/Azure and familiarity with cloud native security controls.

Soft Skills: Strong stakeholder management, ability to explain technical concepts to non-technical audiences, and mentoring experience.