Sr. IAM Engineer- CyberArk
This position will be fully remote and can be hired anywhere in the continental U.S.
Optiv is seeking a Sr. Identity and Access Management Engineer. This is a hands-on role that will require direct involvement in all related technical and process related decisions specific to these and related technologies. How you'll make an impact:
Assess the client’s current production environment, identify operational risks and process gaps, and implement a scalable, business-aligned PAM/identity framework that strengthens control, reduces operational friction, and supports long-term operational resilience.
Work closely with business and technology leaders to drive PAM and identity initiatives that directly support production operations, ensuring access processes are efficient, sustainable, and aligned to the organization’s operating model.
Evaluate existing identity and privileged-access operating models — from access request flows and lifecycle processes to role structures, separation of duties, and certification cycles — identifying where the client’s production operations can be strengthened, streamlined, or matured.
Design and evolve privileged access and identity solutions that not only meet security requirements but also fit seamlessly into the client’s day-to-day operational model, producing actionable architectures and frameworks that elevate production reliability and accountability.
Build automated, self-service, and resilient privileged access and identity capabilities that reduce manual workload, enhance operational consistency, and minimize disruption across production environments. Implement customizations to address customer business requirements. Participate in security and application troubleshooting and incident problem resolutions with other infrastructure teams, including storage, messaging, server, and network.
Collaborate with various stakeholders, including IT teams, security teams, and business units, to implement effective and efficient identity and access management solutions.
Provide engineering support for complex and recurring incidents related to IAM platforms and perform root causes analysis in accordance with customer policies and standards.
Responsible for the standards, design, and operation of Sailpoint, BeyondTrust, CyberArk and related environments.
Apply deep expertise across Entra ID, Microsoft AD platforms, SailPoint, CyberArk, BeyondTrust, and PKI to integrate identity and privileged-access capabilities in a way that supports stable production operations and business continuity.
What we're hiring for:
Bachelor’s degree in Engineering, Information Technology, Computer Science, or related discipline preferred
5 + years of experience leading PAM and identity improvements in active production environments, with a focus on operational readiness, risk reduction, and scalable process design, required
Either CyberArk Certified Privilege Cloud (CPC) Delivery Engineer OR CyberArk Certified Delivery Engineer (CDE) strongly preferred. Candidates not currently certified must complete either CPC or CDE within the first 60 days of their start date.
Microsoft Certified IT Professional (Enterprise Administrator) preferred.
CISSP certification is a plus
Experience with cloud environments such as Azure/Entra/AWS/GCP cloud environments a bonus
Strong command of IAM/PAM foundations — including SSO, SCIM, OAuth, SAML, encryption, and PKI — and how these controls contribute to secure, dependable production operations.
Practical experience with the Microsoft ecosystem — AD, DNS, Group Policy, O365/Exchange, and Azure/Entra ID — to ensure privileged access and identity controls integrate smoothly into production systems and daily operational activities. Excellent communication skills, both verbal and written are required.
Solid understanding of how Role Based Access Control (RBAC) works in large, distributed environments.
Solid understanding of cybersecurity principles and best practices.
Excellent problem-solving and analytical skills.
Experience working with PAM systems
Experience with MFA protocols and techniques.
#LI-TW1
#LI-Remote
Salary Range Description
$92,300.00 - $126,600.00 Annual
The Hiring Range provided for this role is informed by (but not limited to) various factors including responsibilities of the position, work experience, education/training, internal peer equity, geography, as well as other market influences when extending an offer. The disclosed range has not been adjusted for these factors. This role may also be eligible to participate in a variable incentive-based bonus plan. Optiv offers a comprehensive compensation and benefits package, of which salary is a component.
What you can expect from Optiv
A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
Work/life balance
Professional training resources
Creative problem-solving and the ability to tackle unique, complex projects
Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
The ability and technology necessary to productively work remotely/from home (where applicable)
EEO Statement
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.
About the job
Apply for this position
Sr. IAM Engineer- CyberArk
This position will be fully remote and can be hired anywhere in the continental U.S.
Optiv is seeking a Sr. Identity and Access Management Engineer. This is a hands-on role that will require direct involvement in all related technical and process related decisions specific to these and related technologies. How you'll make an impact:
Assess the client’s current production environment, identify operational risks and process gaps, and implement a scalable, business-aligned PAM/identity framework that strengthens control, reduces operational friction, and supports long-term operational resilience.
Work closely with business and technology leaders to drive PAM and identity initiatives that directly support production operations, ensuring access processes are efficient, sustainable, and aligned to the organization’s operating model.
Evaluate existing identity and privileged-access operating models — from access request flows and lifecycle processes to role structures, separation of duties, and certification cycles — identifying where the client’s production operations can be strengthened, streamlined, or matured.
Design and evolve privileged access and identity solutions that not only meet security requirements but also fit seamlessly into the client’s day-to-day operational model, producing actionable architectures and frameworks that elevate production reliability and accountability.
Build automated, self-service, and resilient privileged access and identity capabilities that reduce manual workload, enhance operational consistency, and minimize disruption across production environments. Implement customizations to address customer business requirements. Participate in security and application troubleshooting and incident problem resolutions with other infrastructure teams, including storage, messaging, server, and network.
Collaborate with various stakeholders, including IT teams, security teams, and business units, to implement effective and efficient identity and access management solutions.
Provide engineering support for complex and recurring incidents related to IAM platforms and perform root causes analysis in accordance with customer policies and standards.
Responsible for the standards, design, and operation of Sailpoint, BeyondTrust, CyberArk and related environments.
Apply deep expertise across Entra ID, Microsoft AD platforms, SailPoint, CyberArk, BeyondTrust, and PKI to integrate identity and privileged-access capabilities in a way that supports stable production operations and business continuity.
What we're hiring for:
Bachelor’s degree in Engineering, Information Technology, Computer Science, or related discipline preferred
5 + years of experience leading PAM and identity improvements in active production environments, with a focus on operational readiness, risk reduction, and scalable process design, required
Either CyberArk Certified Privilege Cloud (CPC) Delivery Engineer OR CyberArk Certified Delivery Engineer (CDE) strongly preferred. Candidates not currently certified must complete either CPC or CDE within the first 60 days of their start date.
Microsoft Certified IT Professional (Enterprise Administrator) preferred.
CISSP certification is a plus
Experience with cloud environments such as Azure/Entra/AWS/GCP cloud environments a bonus
Strong command of IAM/PAM foundations — including SSO, SCIM, OAuth, SAML, encryption, and PKI — and how these controls contribute to secure, dependable production operations.
Practical experience with the Microsoft ecosystem — AD, DNS, Group Policy, O365/Exchange, and Azure/Entra ID — to ensure privileged access and identity controls integrate smoothly into production systems and daily operational activities. Excellent communication skills, both verbal and written are required.
Solid understanding of how Role Based Access Control (RBAC) works in large, distributed environments.
Solid understanding of cybersecurity principles and best practices.
Excellent problem-solving and analytical skills.
Experience working with PAM systems
Experience with MFA protocols and techniques.
#LI-TW1
#LI-Remote
Salary Range Description
$92,300.00 - $126,600.00 Annual
The Hiring Range provided for this role is informed by (but not limited to) various factors including responsibilities of the position, work experience, education/training, internal peer equity, geography, as well as other market influences when extending an offer. The disclosed range has not been adjusted for these factors. This role may also be eligible to participate in a variable incentive-based bonus plan. Optiv offers a comprehensive compensation and benefits package, of which salary is a component.
What you can expect from Optiv
A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
Work/life balance
Professional training resources
Creative problem-solving and the ability to tackle unique, complex projects
Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
The ability and technology necessary to productively work remotely/from home (where applicable)
EEO Statement
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.