Senior IAM Engineer

Kforce Inc

Job Summary

Kforce is seeking a Senior IAM Engineer for a remote, contract-to-hire role. The ideal candidate will architect and deploy end-to-end privileged access solutions, collaborating with cross-functional teams to ensure successful CyberArk deployments and integrations with SailPoint and other IAM platforms. Responsibilities include designing, deploying, and maintaining enterprise-grade CyberArk PAM solutions, leading broader IAM solution implementation, developing automation scripts, and ensuring compliance with security frameworks and audit requirements.

Must Have

  • Design, architect, and deploy enterprise-grade CyberArk Privileged Access Management (PAM) solutions.
  • Lead technical design and implementation of broader Identity and Access Management (IAM) solutions.
  • Develop and maintain automation scripts (PowerShell, Python, REST APIs).
  • Implement secure configurations, patch management, and least privilege models.
  • Perform security baseline and hardening in line with industry (NIST, CIS) benchmarks.
  • Collaborate with Security Operations to monitor privileged accounts and participate in incident investigations.
  • Lead integrations between CyberArk and enterprise identity and authentication solutions (Azure AD/Entra ID, Okta, AWS IAM).
  • Ensure PAM and IAM controls meet regulatory and audit requirements (NIST, SOX, NYDFS).
  • Maintain thorough documentation and evidence for audits.
  • Work closely with infrastructure, application, and audit teams.
  • Provide technical mentorship and contribute to enterprise IAM standards.
  • 8+ years of experience implementing, configuring, and managing CyberArk Privilege Cloud and Identity Security Platform Shared Services (ISPSS).
  • Deep understanding of secure design, onboarding, policy configuration, and lifecycle management in cloud-native deployments.
  • Strong background in designing scalable and secure CyberArk Privilege Cloud architectures.
  • Broad understanding of IAM principles including authentication, authorization, SSO, MFA, and directory services.
  • Proficiency in scripting languages such as PowerShell, Python, or REST APIs to automate PAM operations.
  • Demonstrated success integrating CyberArk Privilege Cloud with enterprise platforms (IDPs, ITSM, identity governance solutions).
  • Knowledge of regulatory and security frameworks such as NIST, CIS, SOX, and NYDFS.
  • Experience managing privileged access and secrets in AWS and Azure environments.

Good to Have

  • CyberArk Guardian, CyberArk Sentry, CyberArk Defender, CISSP, GIAC Certifications.
  • Proficiency integrating PAM solutions into CI/CD pipelines, cloud-native platforms, and DevOps workflows.
  • Familiarity with automating access reviews and integrating PAM telemetry into SIEM platforms (InsightIDR, Sentinel).

Perks & Benefits

  • Comprehensive medical/dental/vision insurance
  • HSA
  • FSA
  • 401(k)
  • Life, disability & ADD insurance
  • Paid time off (for salaried personnel)
  • Paid sick leave (for hourly employees on a Service Contract Act project)

Job Description

Kforce is looking for a Senior IAM Engineer for a remote, contract-to-hire opportunity. The ideal candidate will architect end-to-end privileged access solutions, collaborate with cross-functional teams, and ensure the success of CyberArk deployments, while supporting integrations with SailPoint and other IAM platforms.

Responsibilities:

  • Design, architect, and deploy enterprise-grade CyberArk Privileged Access Management (PAM) solutions that align with organizational security and compliance objectives
  • Lead the technical design and implementation of broader Identity and Access Management (IAM) solutions across the enterprise, ensuring scalability, automation, and alignment with business and security requirements
  • Develop and maintain automation scripts (e.g., PowerShell, Python, REST APIs) to enhance provisioning, access control, and system monitoring processes
  • Implement secure configurations, patch management, and least privilege models across CyberArk components and integrated systems
  • Perform security baseline and hardening in line with industry (NIST, CIS) benchmarks
  • Collaborate with Security Operations to monitor privileged accounts for anomalies or abuse, participate in incident investigations, and contribute to response for security events
  • Lead integrations between CyberArk and enterprise identity and authentication solutions (e.g., Azure AD/Entra ID, Okta, AWS IAM)
  • Ensure PAM and IAM controls meet regulatory and audit requirements (NIST, SOX, NYDFS)
  • Maintain thorough documentation and evidence for audits
  • Work closely with infrastructure, application, and audit teams to translate privileged access requirements into secure, scalable designs
  • Provide technical mentorship, promote security best practices, and contribute to the evolution of enterprise IAM standards and security posture

Requirements

  • (Preferred) CyberArk Guardian, CyberArk Sentry, CyberArk Defender, CISSP, GIAC Certifications, or similar credentials
  • 8+ years of proven experience implementing, configuring, and managing CyberArk Privilege Cloud and Identity Security Platform Shared Services (ISPSS) in enterprise environments
  • Deep understanding of secure design, onboarding, policy configuration, and lifecycle management in cloud-native deployments
  • Strong background in designing scalable and secure CyberArk Privilege Cloud architectures that integrate with hybrid identity environments (on-prem, AWS, Azure)
  • Broad understanding of IAM principles including authentication, authorization, SSO, MFA, and directory services (Active Directory, Azure AD, Okta)
  • Proficiency in scripting languages such as PowerShell, Python, or REST APIs to automate PAM operations, onboarding, and integrations across CyberArk and related systems
  • Demonstrated success integrating CyberArk Privilege Cloud with enterprise platforms such as IDPs (Entra ID, Okta), ITSM (Jira Service Management, ServiceNow), and identity governance solutions (SailPoint)
  • Knowledge of regulatory and security frameworks such as NIST, CIS, SOX, and NYDFS, with the ability to map PAM controls to compliance requirements
  • Experience managing privileged access and secrets in AWS and Azure environments, leveraging CyberArk's cloud connectors and ISPSS services
  • (Preferred) Proficiency integrating PAM solutions into CI/CD pipelines, cloud-native platforms, and DevOps workflows
  • (Preferred) Familiarity with automating access reviews, integrating PAM telemetry into SIEM platforms (InsightIDR, Sentinel), and driving ongoing security posture enhancements
