What are the responsibilities and job description for the Sr. Cybersecurity Specialist position at Gotham Technology Group?
Senior Cybersecurity Specialist (IAM)
Location: Must live within 200 miles of Nassau County, New York
(Required to be onsite a few days per quarter)
Role Overview
This is a senior-level IAM engineering and governance role responsible for defining IAM requirements, designing enterprise access workflows, and driving remediation and compliance across a complex hybrid environment. While not a hands-on configuration position, it requires deep technical expertise in CyberArk, SailPoint, and Okta, with the ability to architect policies, validate controls, and guide technical teams on implementation.
The role ensures the security, reliability, and audit readiness of all identity, authentication, and privileged access processes. You will partner with infrastructure, cloud, cyber operations, and application teams to enforce IAM standards, evaluate risks, and continuously improve access controls.
Core Responsibilities
IAM Architecture & Requirements Engineering
- Define enterprise IAM requirements, standards, and control objectives across SSO, MFA, PAM, and identity lifecycle workflows.
- Translate business/security needs into policy, process, and technical control designs for CyberArk, SailPoint, and Okta.
- Develop architecture-aligned access workflows for onboarding, offboarding, role changes, and privileged access requests.
Identity Governance & Access Control
- Drive policy creation and enforcement for provisioning, de-provisioning, and recertification.
- Design and maintain RBAC, least privilege models, and JIT access frameworks.
- Lead remediation efforts for SoD conflicts, excessive access, stale accounts, and privileged account drift.
Authentication & Federation Governance
- Oversee federation and authentication standards (SAML, OAuth, OIDC) across cloud and on-prem systems.
- Validate integration patterns for Active Directory, Azure AD, LDAP, and enterprise SaaS IAM controls.
Cloud & Hybrid IAM Risk Management
- Define IAM guardrails for AWS/Azure, ensuring proper role design, trust relationships, and identity boundaries.
- Evaluate cloud IAM architectures for compliance against internal standards and frameworks (SOX, NIST).
Audit, Monitoring & Remediation
- Lead IAM components of ITGC, SOX, and risk assessments; coordinate evidence and remediation.
- Review logs, entitlement data, and access patterns to identify control gaps or threats.
- Support incident response with access-related root cause analysis and corrective action plans.
Automation, Standards & Workflow Optimization
- Define automation requirements for IAM processes; guide scripting/automation teams (PowerShell, Python).
- Establish workflows and governance models for identity lifecycle, privileged access, and federation.
Cross-Team Leadership
- Communicate technical IAM risks, requirements, and remediation strategies to security, IT, and business leaders.
- Serve as the subject matter expert for CyberArk, SailPoint, and Okta architecture, standards, and best practices.
Qualifications
- Bachelor’s degree (or 10 years of cyber experience in lieu of a degree).
- 6 years in IAM engineering, security architecture, or enterprise access governance.
- Expertise with CyberArk, SailPoint, and Okta in large enterprise ecosystems.
- Deep understanding of authentication standards (SAML, OAuth, OIDC) and directory services.
- Knowledge of SOX, NIST, CIS, and cloud IAM frameworks.
- Scripting familiarity (PowerShell, Python, Bash) for reviewing, designing, or defining automation workflows.
- Strong communication and technical leadership skills.
Preferred Certifications
- CISSP, CISM, or IAM-focused certifications
- Experience integrating IAM with CI/CD pipelines
- Familiarity with API/SDK security patterns
Must be a U.S. citizen or lawful permanent resident (green card holder) due to regulatory and security requirements for this position.
Salary: $140,000 - $160,000