
Airitos, LLC
Remote Jobs
Identity and Access Management Consulting
11 Jobs
Role Description We are looking for an experienced Active Directory and Microsoft Entra ID engineer to lead the hands-on execution of an on-premises Active Directory to Entra ID migration for a large fintech organization. Working under the direction of a solution architect, you will own the build, configuration, migration, testing, and documentation work throughout the project. This role is well-suited for a deeply technical engineer who is comfortable operating with ambiguity in a complex enterprise environment and who has migrated real AD estates before. Experience in banking, financial services, or other regulated industries is a strong plus. Key Responsibilities - Execute discovery and assessment of the on-premises Active Directory environment and Microsoft 365 tenant, and document findings and dependencies - Contribute to migration design and tool selection alongside the architect - Perform Entra ID configuration, identity synchronization, and authentication setup - Run test migrations, then migrate and validate users, groups, and service accounts - Configure identity security controls including MFA, Conditional Access, and self-service password reset - Support endpoint and device management integration through Microsoft Intune - Produce as-built documentation and deliver administrator training and operational handoff Qualifications - 5+ years of hands-on directory services engineering, including extensive experience supporting and troubleshooting on-premises Active Directory (authentication, DFS, GPO, LDAP) - Demonstrated experience executing AD to Entra ID migrations in complex enterprise environments - Strong working knowledge of Entra Connect and authentication methods (Password Hash Sync, Pass-through Authentication, ADFS) - Hands-on experience with Microsoft Intune, including device compliance and Entra ID Join and Hybrid Join - Experience with Conditional Access, MFA, and identity protection in a cloud-first model - Solid grasp of AD security, common vulnerabilities and safeguards, and Tier-0 security boundaries - Understanding of modern authentication (OIDC, SAML, Kerberos) and access control models (RBAC, PBAC, ABAC) - Working familiarity with Azure environments - Ability to author technical documentation and conduct knowledge transfer sessions Preferred Qualifications - Experience planning and running phased migration waves with defined pilot cohorts and rollback criteria - Familiarity with GPO-to-Intune policy migration - Experience with certificate services and cloud PKI approaches - Prior work in financial services or other highly regulated industries - Bachelor's degree in Computer Science or equivalent training, education, and work experience Requirements - Must be based in the United States and authorized to work without sponsorship - Must be available for occasional on-site travel (expenses covered by the client) - Must be able to pass a background check
• Elicit, document, and manage business and functional requirements for authentication and identity workflows including login, multi-factor authentication, account recovery, and credential consolidation • Analyze and map current-state identity journeys, documenting pain points, embedded business logic, and integration dependencies • Translate requirements into user stories, process flows, and functional specifications consumable by engineering and architecture teams • Partner with identity architects, UI developers, and security engineers to validate that solutions meet business and compliance requirements • Support the design and documentation of the identity Abstraction Layer, ensuring application team requirements are captured and reflected in the vendor-agnostic integration model • Facilitate working sessions and workshops with business and technology stakeholders to surface requirements and drive alignment • Maintain a requirements traceability matrix and ensure requirements are tracked through delivery • Identify gaps, risks, and dependencies across workstreams and escalate appropriately • Produce clear, well-organized documentation including BRDs, user stories, process maps, and meeting summaries
• Design and build user-facing authentication components including login pages, multi-factor authentication flows, and account recovery experiences across web, Android, and iOS • Develop and maintain SDKs and UI libraries that integrate with underlying identity vendor services (Transmit, Ping, Arcus Labs, ThreatMetrix, and others) • Contribute to the identity Abstraction Layer, a vendor-agnostic library that decouples application teams from specific identity vendor SDKs • Collaborate with identity architects, backend API teams, and security engineers to ensure UI implementations align with authentication protocols and security requirements • Implement passkey and passwordless flows using FIDO2/WebAuthn standards • Build with forward compatibility in mind to support credential consolidation across multiple products and business lines over time • Maintain documentation for components, integration guides, and change requests in alignment with enterprise change management policies • Support testing, accessibility compliance, and performance optimization across all platforms
• Design and build user-facing authentication components including login pages, multi-factor authentication flows, and account recovery experiences across web, Android, and iOS • Develop and maintain SDKs and UI libraries that integrate with underlying identity vendor services (Transmit, Ping, Arcus Labs, ThreatMetrix, and others) • Contribute to the identity Abstraction Layer, a vendor-agnostic library that decouples application teams from specific identity vendor SDKs • Collaborate with identity architects, backend API teams, and security engineers to ensure UI implementations align with authentication protocols and security requirements • Implement passkey and passwordless flows using FIDO2/WebAuthn standards • Build with forward compatibility in mind to support credential consolidation across multiple products and business lines over time • Maintain documentation for components, integration guides, and change requests in alignment with enterprise change management policies • Support testing, accessibility compliance, and performance optimization across all platforms
• Integrate front-end portal components with IAM APIs to support real-time identity creation and provisioning • Deploy and configure APIs on gateways and developer portals • Perform data transformation and integration across middleware layers, orchestration engines, and IAM platforms • Troubleshoot and resolve API issues using simulators, log analysis, and other diagnostic tools • Partner with IAM engineers, application teams, and cross-functional stakeholders across multiple brands and geographies • Support phased global rollout activities, including coordination across multiple time zones • Contribute to SDLC processes and participate in automated deployment pipelines
• Architect, deploy, and operationalize enterprise identity and access management solutions across the full Verify platform • Design and implement IBM Verify architecture across SaaS and hybrid enterprise environments • Stand up and configure IBM Verify Identity Access (v11), including reverse proxy, web and API gateways, and junction configuration • Deploy containerized Verify Identity Access on OpenShift or Kubernetes, including Helm-based configuration • Build multi-environment setups (DEV, QA, PROD) following platform best practices • Configure Verify SaaS tenants, application onboarding, and connectivity to enterprise systems • Implement secure configuration aligned with enterprise security standards • Configure SSO across SAML, OIDC, and OAuth 2.0 • Implement MFA, including passwordless, biometric, and one-time-passcode methods • Configure adaptive and risk-based access using the platform risk engine • Build identity orchestration and authentication flows using the no-code flow designer • Integrate consumer and workforce access use cases • Integrate IBM Verify with Active Directory, HR systems, and cloud directories • Onboard target applications using connectors, API-based provisioning, and SCIM • Configure provisioning policies, access governance, and certification campaigns where Verify Identity Governance is in scope • Implement role-based access control and segregation-of-duties controls • Develop custom adapters and API integrations where required • Architect HA and failover for on-premises and containerized Verify Identity Access deployments • Design load balancing and failover strategies for hybrid components • Develop and test disaster recovery procedures for self-managed components • Tune performance, including connection pooling, session handling, and reconciliation throughput • Conduct capacity planning and resolve system bottlenecks • Automate builds and deployments using scripting (Shell, Python, Ansible) • Develop environment provisioning and configuration scripts • Support CI/CD integration for containerized Verify components • Maintain infrastructure-as-code where possible • Create architecture diagrams and build documentation • Develop operational runbooks • Provide handover documentation to support teams
PAM Engineer - CyberArk Job Description We are seeking an experienced PAM Engineer with deep CyberArk expertise to join an active implementation project at a major financial services client. CyberArk is already deployed in the environment, and this role will focus on expanding coverage, onboarding accounts, building out integrations, and driving the implementation toward completion. This is a hands-on consulting engagement requiring someone who can hit the ground running with minimal ramp-up. Professional Responsibilities - Onboard privileged accounts across Windows, Linux/Unix, databases, network devices, and cloud platforms into CyberArk Vault - Configure and manage CPM (Central Policy Manager) plugins and policies for automated password rotation - Deploy and troubleshoot PSM (Privileged Session Manager) and PSM for SSH/Web connectors - Build and customize CyberArk platforms, connection components, and usage profiles to meet client requirements - Integrate CyberArk with enterprise directories (Active Directory, LDAP), SIEM, ticketing systems, and MFA providers - Support Secrets Manager / Conjur or Application Access Manager (AAM) implementations for application credential management - Develop and refine safe structures, access control policies, and role-based access workflows - Troubleshoot vault, connector, and component issues across Dev, UAT, and Production environments - Participate in change management processes and document configurations, runbooks, and operational procedures - Collaborate with client security, infrastructure, and application teams to plan and execute onboarding waves - Support audit and compliance requirements by ensuring session recording, access logging, and reporting are properly configured Professional Skills - Strong working knowledge of CyberArk Privileged Access Security (PAS) suite, including Vault, PVWA, CPM, PSM, and AAM/Conjur - Proficiency with CyberArk platform customization, including CPM plugins, PSM connectors, and connection components - Experience with REST API integrations and CyberArk CLI utilities (PACli, RESTAPI) - Solid understanding of Windows Server, Active Directory, Group Policy, and Linux/Unix system administration - Familiarity with networking fundamentals (DNS, firewalls, load balancers) as they relate to CyberArk architecture - Working knowledge of cloud platforms (AWS, Azure, GCP) and managing cloud-native privileged accounts - Strong troubleshooting and log analysis skills across CyberArk components - CyberArk Certified Delivery Engineer (CDE) or CyberArk Defender certification preferred - Clear written and verbal communication skills, comfortable working directly with client stakeholders Professional Experience - 3+ years of hands-on CyberArk implementation and administration experience - Demonstrated experience with large-scale account onboarding and platform buildout projects - Prior consulting or client-facing delivery experience, comfortable operating with autonomy in a client environment - Experience working within regulated industries (financial services, banking, insurance) and familiarity with compliance frameworks such as SOX, PCI-DSS, FFIEC, or NIST is a strong plus - Background in broader IAM or security operations is a plus - Experience participating in change advisory board (CAB) processes and enterprise release management workflows - Remote position, with possible infrequent travel to client site - Must be authorized to work in the USA
• Integrate front-end portal components with IAM APIs for real-time identity creation and provisioning • Deploy and configure APIs on gateways and developer portals • Troubleshoot and resolve API issues using a variety of tools including simulators and log analysis • Perform integration and data transformation between middleware layers, orchestration engines, and IAM platforms. • Work closely with IAM engineers, application teams, and other stakeholders across brands and regions • Support phased global rollout activities across multiple time zones.
• Design and implement enterprise-grade ISAM / ISVA architecture • Install and configure: ISVA Virtual Appliances (Access Control, Federation, Advanced Access Control) • Web Reverse Proxy (WRP) Policy Server Runtime components • Configure clustered deployments for scalability and redundancy • Design and implement multi-tier environments (DEV, QA, PROD) • Implement secure baseline configurations aligned with enterprise standards • Design and configure: Appliance clustering Runtime high availability Session failover and replication Load balancing strategies (F5, Netscaler, etc.) • Implement multi-data center deployments where required • Develop and test disaster recovery procedures • Configure database replication (if applicable) • Perform failover and resiliency testing • Integrate ISAM/ISVA with: Active Directory / LDAP • SAML 2.0 / OIDC / OAuth providers • Enterprise applications (on-prem and cloud) • MFA providers • Implement: Reverse proxy junctions Access control policies Federation trust relationships Adaptive authentication and step-up authentication • Configure advanced access control policies and contextual risk-based access • Tune reverse proxy performance and connection handling • Optimize authentication flows and federation transactions • Conduct performance testing and capacity planning • Troubleshoot latency, session issues, and authentication failures • Automate appliance configuration using REST APIs and scripting • Develop deployment automation (Shell, Python, Ansible, etc.) • Support CI/CD integration for configuration promotion • Implement configuration backup and version control processes • Produce detailed architecture and topology diagrams • Document build procedures and operational runbooks • Provide structured handoff to operations/support teams
• Platform Architecture & Deployment • Design and implement IBM ISIM / ISVG architecture for enterprise environments • Install and configure: WebSphere Application Server (WAS / Liberty) • IBM DB2 (or supported RDBMS) • LDAP directories (e.g., IBM SDS, AD, etc.) • IBM HTTP Server / load balancers • Build multi-tier environments (DEV, QA, PROD) following best practices • Configure clustering for WebSphere and ISIM application components • Implement secure configuration aligned with enterprise security standards • Architect and configure: WebSphere clustering • Database HA (HADR, clustering, replication) • LDAP replication • Load balancing and failover strategies • Develop and test disaster recovery procedures • Implement backup and recovery strategies • Perform failover testing and performance tuning • Integrate ISIM/ISVG with: Active Directory • HR systems • Target applications (via adapters or APIs) • SSO / Federation systems • Configure workflows, provisioning policies, access governance, and certifications • Develop and customize adapters where necessary • Implement role-based access control (RBAC) models • Tune JVMs, connection pools, and database performance • Optimize reconciliation and provisioning performance • Conduct capacity planning and scaling analysis • Monitor and resolve system bottlenecks • Automate builds and deployments using scripting (Shell, Python, Ansible, etc.) • Develop environment provisioning scripts • Support CI/CD integration where applicable • Maintain infrastructure-as-code where possible • Create detailed architecture diagrams and build documentation • Develop operational runbooks • Provide handover documentation to support teams
1more opportunities are still waiting for you.Log in now and take your next shot before someone else does.