19 Apr | Rivago Infotech | Toronto
Apply on Kit Job: kitjob.ca/job/2g947p
Role: Senior Identity & Access Management (IAM) Engineer – CyberArk & Microsoft Entra ID
Location: Toronto, Canada ON - M5S 1K9 (Hybrid)
Implementation partner - ********
End client - Confidential
Exp - 8+
Role Overview
We are seeking a seasoned Identity & Access Management (IAM) Engineer to support and enhance enterprise IAM and PAM capabilities. The role will focus on CyberArk Privileged Access Management, Microsoft Entra ID (Azure AD as IdP), and modern authentication technologies including SSO, OAuth/OIDC, and MFA across cloud and on‑prem environments.
The ideal candidate has hands-on delivery experience in large-scale enterprise or regulated environments (banking, financial services, healthcare, or similar).
Key Responsibilities
Identity Provider & Access Management
- Design, configure, and support Microsoft Entra ID (Azure AD) as the primary Identity Provider (IdP).
- Implement and manage Single Sign-On (SSO) for SaaS, cloud, and custom applications.
- Configure and support authentication protocols:
  - OAuth 2.0
  - OpenID Connect (OIDC)
  - SAML 2.0
- Implement and maintain Multi-Factor Authentication (MFA) and Conditional Access policies.
- Support identity lifecycle management, RBAC, and least-privilege access models.
Privileged Access Management (CyberArk)
- Implement, administer, and support CyberArk PAM solutions, including:
  - Vault
  - CPM (Central Policy Manager)
  - PSM / PSMP
- Onboard privileged accounts (Windows, Linux/Unix, DB, Application, Cloud).
- Manage password rotation, access workflows, and session monitoring.
- Perform CyberArk troubleshooting, upgrades, patching, and health checks.
Security, Compliance & Operations
- Ensure IAM and PAM controls align with enterprise security standards and regulatory requirements (SOX, SOC2, ISO, etc.).
- Support internal and external audits related to identity and access.
- Work with Security, Infrastructure, Cloud, and Application teams on integrations.
- Provide L2/L3 operational support and incident resolution.
- Prepare technical documentation, runbooks, and SOPs.
Required Skills & Qualifications
Mandatory Skills
- 5–8 years of experience in Identity & Access Management.
- Strong hands-on experience with CyberArk PAM.
- Strong hands-on experience with Microsoft Entra ID (Azure AD) as an Identity Provider (IdP).
- Proven experience implementing:
  - SSO
  - OAuth 2.0
  - OpenID Connect (OIDC)
  - SAML 2.0
  - MFA
- Solid understanding of Active Directory, LDAP, and authentication flows.
- Experience supporting enterprise-scale IAM solutions in production environments.
Preferred / Nice-to-Have
- Cloud exposure: GCP (preferred).
- Scripting experience (PowerShell, Python).
- IAM/PAM experience in financial services or regulated industries.
- Relevant certifications:
  - CyberArk Certification (CDE, Sentry)
  - Microsoft Identity & Security certifications
Soft Skills
- Strong analytical and troubleshooting abilities.
- Clear communication with technical and non-technical stakeholders.
- Ability to work independently and within cross-functional teams.
- Experience working with distributed / global teams.
Education
- Bachelor’s degree in Computer Science, Engineering, Information Security, or equivalent experience.