Job Description
Company: 6AM City
Location: Raleigh, US
Role Description This role will be part of the IAM Architecture and Engineering function within SMBC. The individual will work with the Group Companies to provide elegant solutions that adhere to the core principles of Zero‑Trust, Just‑In‑Time and Just‑Enough‑Access while balancing it with a frictionless experience for end users and applications. The ideal candidate must be a subject‑matter expert in IAM and be aware of modern authentication protocols and industry standards.
The individual will play a key role in securing privileged identities, aligning PAM capabilities with zero‑trust and compliance frameworks, and using capabilities of products like CyberArk, Delinea (Thycotic), Microsoft Entra PIM, and other PAM toolsets.
Role Objectives Design and maintain end‑to‑end PAM architecture including vaulting, session monitoring, just‑in‑time access, and admin workflows
Lead deployment and configuration of CyberArk components (PVWA, CPM, PSM, Conjur, etc.)
Integrate CyberArk or Delinea Secret Server and/or other PAM tools into hybrid/cloud infrastructure
Implement and manage Microsoft Entra PIM for JIT elevation and role lifecycle controls
Architect and enforce least privilege models (RBAC, JIT, ABAC) across on‑prem and cloud platforms (Azure, AWS, GCP)
Partner with IAM, SOC, Security Architecture, Infrastructure and Application teams to enforce privilege identity policies
Automate PAM provisioning and approval workflows and integrate with Service Now
Maintain logging and monitoring of privilege activities and integration with SIEM tools like Microsoft Sentinel and Cribl
Document architecture, SOPs, onboarding processes, and contribute to policy documents
Research and evaluate PAM platforms, tools, and technologies that meet the organization’s needs
Provide guidance and mentorship to other team members on PAM best practices and emerging technologies
Provide guidance and documentation for Infrastructure/Database/Cloud/App teams to embed PAM services in their day‑to‑d
Source: BeBee