IAMPAM PKI Engineer-Saudi National

Operate and improve enterprise Identity security capabilities with focus on Cerebra mPass (MFA) and CyberArk (PAM). You will stabilize day to day operations drive onboarding and policy improvements and prepare the roadmap for Windows Hello for Business migration and future adoption of SailPoint (IGA) BeyondTrust (PAM) and Thales HSM for PKI. Strong troubleshooting documentation and audit evidence discipline are essential.

Key Responsibilities

MFA. Cerebra mPass

• Design configure and support Cerebra mPass MFA policies integrations and user onboarding.
• Integrate MFA with enterprise systems (VPN remote access cloud apps internal applications) using standard authentication protocols.
• Monitor authentication flows troubleshoot access issues and improve reliability and user experience.
• Prepare and execute the migration roadmap from mPass to Windows Hello for Business including pilot planning risk management and cutover support.

PAM. CyberArk (Current). BeyondTrust (Future)

• Operate and scale CyberArk (safes platforms CPM/PSM health onboarding rotations access workflows).
• Drive privileged account onboarding and operational hygiene (break glass vault policies RBAC session controls).
• Support evaluation and future rollout of BeyondTrust as needed (requirements migration planning operational model).

IGA. SailPoint (Future)

• Support readiness for IGA adoption (joiner mover leaver flows SoD concepts connector requirements campaign approach reporting needs).
• Contribute to implementation planning and operational runbooks once adopted.

PKI coordination. Thales HSM (Future)

• Coordinate certificate lifecycle processes and integrations with the AD and PKI stakeholders.
• Support discovery inventory renewal tracking and certificate operational processes.
• Participate in planning for HSM-backed PKI with Thales (key ceremony concepts dual control CRL/OCSP operational readiness). Note: day to day AD CS administration is owned by the AD team.

Operations compliance and delivery hygiene

• Ensure IAM MFA and PAM events are visible in SIEM. Maintain health KPIs and reduce alert noise.
• Execute changes via ITSM with clear testing validation rollback and post change checks.
• Lead or support RCA for major incidents. Publish SOPs runbooks and hardening guidance.
• Produce audit ready evidence aligned with KSA cybersecurity requirements including access controls and privileged access governance.

Automation

• Use PowerShell Python and REST APIs to automate onboarding rotations reporting and operational checks.

Qualifications :

Required Qualifications

• Saudi national. Bachelors degree or equivalent experience.
• Typically 5 years in IAM. Hands on experience in MFA and PAM operations at enterprise scale.
• Strong experience with Cerebra mPass (or equivalent MFA platform) and CyberArk.
• Solid understanding of authentication and identity concepts including SAML OAuth 2.0 OpenID Connect AD and LDAP.
• Strong troubleshooting stakeholder communication and documentation skills.
• Practical scripting skills (PowerShell or Python). Comfortable with REST APIs.

Preferred Qualifications

• Experience with enterprise MFA rollout and user adoption strategies.
• Exposure to Windows Hello for Business SailPoint or BeyondTrust.
• Experience operating in regulated environments with strong evidence and audit readiness.
• Certifications are a plus (CyberArk Microsoft Identity CISSP/CISM ITIL).

Additional Information :

Job Location: KSA

Remote Work :

No

Employment Type :

Full-time