What are the responsibilities and job description for the Security Engineer – Identity & Privileged Access Management (IAM & PAM) position at Exegy?
About Exegy
Exegy is a global leader in intelligent market data, advanced trading systems, and future-proof technology. Exegy serves as a trusted partner to the complete ecosystem of the buy-side, sell-side, exchanges, and financial services technology firms around the globe. Headquartered in St. Louis with regional offices in North America, the UK/Europe and Asia Pacific, Exegy has the global footprint to deliver world-class support and managed services to its customer base of elite financial market participants.
Job Summary
The Security Engineer – IAM & PAM is responsible for designing, implementing, and operating identity, authentication, authorization, and privileged access controls across the enterprise. This role focuses on reducing over-provisioned access, enforcing least privilege, and ensuring access is appropriately granted, reviewed, and revoked in alignment with business risk, regulatory requirements, and security best practices.
This engineer partners with IT Operations, Security Architecture, GRC, HR, and Application Owners to ensure identity and access management supports both secure operations and business agility.
Responsibilities
Identity & Access Engineering
Technical Experience
Exegy is a global leader in intelligent market data, advanced trading systems, and future-proof technology. Exegy serves as a trusted partner to the complete ecosystem of the buy-side, sell-side, exchanges, and financial services technology firms around the globe. Headquartered in St. Louis with regional offices in North America, the UK/Europe and Asia Pacific, Exegy has the global footprint to deliver world-class support and managed services to its customer base of elite financial market participants.
Job Summary
The Security Engineer – IAM & PAM is responsible for designing, implementing, and operating identity, authentication, authorization, and privileged access controls across the enterprise. This role focuses on reducing over-provisioned access, enforcing least privilege, and ensuring access is appropriately granted, reviewed, and revoked in alignment with business risk, regulatory requirements, and security best practices.
This engineer partners with IT Operations, Security Architecture, GRC, HR, and Application Owners to ensure identity and access management supports both secure operations and business agility.
Responsibilities
Identity & Access Engineering
- Design, implement, and maintain IAM and PAM platforms supporting workforce, privileged, and service identities
- Enforce least-privilege access models, role-based access control (RBAC), and attribute-based access control (ABAC) where appropriate
- Implement strong authentication controls, including MFA, conditional access, and phishing-resistant authentication
- Manage privileged identities for administrative, infrastructure, cloud, and application accounts
- Eliminate shared, standing, and unmanaged privileged accounts through vaulting, just-in-time (JIT) access, and session recording
- Ensure privileged access is time-bound, approved, logged, and auditable
- Lead initiatives to identify and remediate over-provisioned access, orphaned accounts, and excessive entitlements
- Design and operate access review and certification processes in collaboration with GRC and business owners
- Integrate IAM with HR systems and ITSM to automate joiner, mover, and leaver workflows
- Partner with Risk and GRC teams to align IAM/PAM controls to ISO 27001, NIST, CIS Controls, and regulatory requirements
- Perform periodic access risk assessments and provide remediation recommendations
- Develop metrics that demonstrate risk reduction, such as decreased standing privileged access, faster de-provisioning, and reduced audit findings
- Support security incident investigations related to identity misuse, credential compromise, or privilege escalation
- Ensure IAM and PAM logs integrate with SIEM and monitoring platforms for visibility and alerting
Technical Experience
- 5 years of experience in information security or identity engineering, with deep focus on IAM and/or PAM programs
- Hands-on experience designing, implementing, and operating enterprise IAM and PAM platforms (e.g., Azure AD / Entra ID, Okta, Ping, CyberArk, BeyondTrust, Delinea, HashiCorp Vault, or comparable solutions)
- Proven experience building and maintaining RBAC models, automating joiner-mover-leaver workflows, and leading entitlement cleanup initiatives
- Strong working knowledge of modern authentication and authorization protocols (SAML, OAuth, OIDC, LDAP, Kerberos)
- Experience integrating identity systems across cloud platforms, SaaS applications, on-prem infrastructure, and CI/CD pipelines
- Demonstrated experience reducing access-related audit findings and closing identity control gaps
- Working knowledge of common security and compliance frameworks (e.g., ISO 27001 Annex A, NIST SP 800-53, CIS Controls), with emphasis on access control and identity safeguards
- Ability to translate security and compliance requirements into practical, scalable identity controls that support business operations
- Effective partner to IT, Security, HR, and business teams to align identity controls with real-world workflows
- Comfortable communicating access risk, least-privilege principles, and control decisions to both technical and non-technical stakeholders
- Organized and process-oriented, with the judgment to balance security rigor, operational efficiency, and user experience
- Exposure to regulated environments such as SOX, PCI-DSS, HIPAA, or similar compliance frameworks
- Experience working with identity governance (IGA) platforms, access reviews, or access analytics
- Relevant security or identity certifications (e.g., CISSP, CISM, GIAC, or IAM/PAM vendor certifications) are beneficial but not required