Apply on Kit Job: kitjob.ca/job/2fx9ut
Role: Senior Identity & Access Management (IAM) Engineer – CyberArk & Microsoft Entra ID
Location: Toronto, Canada ON - M5S 1K9 (Hybrid)
Contract
Role Overview
We are seeking a seasoned Identity & Access Management (IAM) Engineer to support and enhance enterprise IAM and PAM capabilities. The role will focus on CyberArk Privileged Access Management, Microsoft Entra ID (Azure AD as IdP), and modern authentication technologies including SSO, OAuth/OIDC, and MFA across cloud and on-prem environments.
The ideal candidate has hands-on delivery experience in large-scale enterprise or regulated environments (banking, financial services, healthcare, or similar).
Key Responsibilities
Identity Provider & Access Management
- Design, configure, and support Microsoft Entra ID (Azure AD) as the primary Identity Provider (IdP).
- Implement and manage Single Sign-On (SSO) for SaaS, cloud, and custom applications.
- Configure and support authentication protocols:
  - OAuth 2.0
  - OpenID Connect (OIDC)
  - SAML 2.0
- Implement and maintain Multi-Factor Authentication (MFA) and Conditional Access policies.
- Support identity lifecycle management, RBAC, and least-privilege access models.
Privileged Access Management (CyberArk)
- Implement, administer, and support CyberArk PAM solutions, including:
  - Vault
  - CPM (Central Policy Manager)
  - PSM / PSMP
- Onboard privileged accounts (Windows, Linux/Unix, DB, Application, Cloud).
- Manage password rotation, access workflows, and session monitoring.
- Perform CyberArk troubleshooting, upgrades, patching, and health checks.
Security, Compliance & Operations
- Ensure IAM and PAM controls align with enterprise security standards and regulatory requirements (SOX, SOC2, ISO, etc.).
- Support internal and external audits related to identity and access.
- Work with Security, Infrastructure, Cloud, and Application teams on integrations.
- Provide L2/L3 operational support and incident resolution.
- Prepare technical documentation, runbooks, and SOPs.
Required Skills & Qualifications
Mandatory Skills
- 5–8 years of experience in Identity & Access Management.
- Robust hands-on experience with CyberArk PAM.
- Strong hands-on experience with Microsoft Entra ID (Azure AD) as an Identity Provider (IdP).
- Proven experience implementing:
  - SSO
  - OAuth 2.0
  - OpenID Connect (OIDC)
  - SAML 2.0
  - MFA
- Solid understanding of Active Directory, LDAP, and authentication flows.
- Experience supporting enterprise-scale IAM solutions in production environments.
Preferred / Nice-to-Have
- Cloud exposure: GCP (preferred).
- Scripting experience (PowerShell, Python).
- IAM/PAM experience in financial services or regulated industries.
- Relevant certifications:
  - CyberArk Certification (CDE, Sentry)
  - Microsoft Identity & Security certifications
📌 Identity & Access Management (IAM) Engineer – CyberArk & Microsoft Entra ID (Toronto)
🏢 E-IT
📍 Toronto