Identity Systems Engineer (CyberArk)


Job Location: London - UK

Monthly Salary: Not Disclosed
Posted on: 11 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Title: Identity Systems Engineer

Reporting to: Manager Identity and Access Management

Position Type: Permanent, 35 hours per week

Hybrid

Overview:

Why Tokio Marine HCC

Standing still is not an option in the current world of Insurance. TMHCC are one of the world's leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, and so is a desire to grow and provide creative and innovative solutions to our clients.

Job Purpose:

The Infrastructure Collaboration Engineering team is seeking a highly experienced Senior Identity & Privileged Access Management (PAM) Engineer with expertise in enterprise Identity and Access Management, with primary specialization in CyberArk.

This role will serve as the technical lead and subject matter expert for Privileged Access Management (PAM), responsible for designing, architecting, implementing, operating and maintaining CyberArk solutions integrated across Entra ID, Active Directory and Okta environments.

The ideal candidate will possess deep end-to-end identity expertise while maintaining advanced hands-on skills in CyberArk PAS, Privilege Cloud, EPM, Secrets Manager and identity governance integration patterns.

Key Responsibilities:

CyberArk (Primary Skillset: Privileged Access Management)

Proven expert knowledge of CyberArk Privilege Access Security (PAS) and/or Privilege Cloud architecture, deployment and administration
Design, implement and maintain CyberArk Vault, CPM (Central Policy Manager), PSM (Privileged Session Manager) and PTA (Privilege Threat Analytics)
Manage safes, platforms, account onboarding, credential rotation policies and access controls
Implement Just-in-Time (JIT) privileged access models integrated with Entra PIM and AD tiering
Secure and rotate domain admin, enterprise admin, service accounts, application accounts, SSH keys and cloud credentials
Integrate CyberArk with Entra ID, Active Directory and Okta for authentication and authorization workflows
Deploy and manage CyberArk Endpoint Privilege Manager (EPM) for least privilege enforcement
Implement CyberArk Secrets Manager / Conjur for DevOps and Kubernetes environments
Develop automation using REST APIs, PowerShell and CyberArk tools
Design CyberArk disaster recovery and vault backup strategies
Integrate CyberArk logs with SIEM platforms and support audit/compliance requirements
Maintain alignment with Zero Trust security architecture principles
Stay current on CyberArk roadmap, new features and evolving PAM security threats

Entra

Proven expert knowledge of Azure Entra ID capabilities such as Conditional Access Policies, Privileged Identity Manager and Application Registrations, integrated with CyberArk privileged access controls
Strong understanding of PIM and the assignment of roles / IAM permissions on Management Groups, Subscriptions and Resources, aligned with Just-in-Time access principles
Azure Infrastructure Management to include user accounts, groups, conditional policies, Intune management, mobile device management and endpoint security
Strong understanding of App registration, Enterprise Apps, SPNs and managed identities, with an understanding of least privileged administration when it comes to MS Graph API allocation of permissions and secure credential storage in CyberArk
Strong understanding of multifactor authentication, SSPR and WHfB, ensuring secure privileged authentication workflows
Strong PowerShell scripting skills, automation and scheduling skills when working with data in Azure and integrating with CyberArk APIs
Good understanding of Intune policies, management and Autopilot
An individual who stays abreast of the latest Entra ID features, best practices and security trends and makes recommendations for continuous improvement

Active Directory

Strong background in Active Directory covering domains that span geo locations with numerous DCs and a user base of 5000. Strong understanding of DNS and GPOs, user object and OU administration
Solid understanding of Microsoft Tiering, IAM and PAM concepts with CyberArk vaulting integration for Tier 0 accounts
Strong knowledge of server operating systems from Windows 2016 to Windows 2025
Strong understanding of the FSMO roles when it comes to maintaining the security and the integrity of the domain
Strong understanding of the delegation of permissions across the domain OU structure, aligned with least privilege principles
Strong PowerShell scripting skills, automation and scheduling skills, including AD account onboarding into CyberArk
Solid understanding of the recovery steps needed to recover a domain in the event of a disaster

OKTA

Able to demonstrate a strong understanding of IAM concepts including identity federation, SSO, SAML, OAuth, OIDC, MFA, role-based access control (RBAC) and least privilege principles, integrated with CyberArk privileged authentication workflows
Able to provide Okta subject matter expertise to a variety of program stakeholders on application integration, IAM functionality and Okta's feature roadmap
Capable of designing and implementing Okta platform configurations to align with overall solution architecture and customer requirements while integrating CyberArk for privileged user authentication
Willing to collaborate with Solution Architects, other solution component SMEs and stakeholders to develop and refine solution requirements, ensuring secure and efficient access for on-premises and cloud-based applications and resources
Able to drive and support customer application integrations into Okta-based IAM solutions and align privileged access controls through CyberArk
Troubleshoot and resolve technical issues before, during and after application integration

Skills and Experience Specification:

Competencies

Planning

Follow work plans, established timelines and predefined goals for assigned work.

Meet commitments on deadlines.

Communication

Communicate activities, results and observations with employees and management as appropriate.

Cost Management

Identify areas for improvement in existing business practices.

Perform work thoroughly in a cost-efficient manner and at a high productivity level.

Business Controls and Policies

Comply with all corporate policies and procedures.

Report any breakdowns in controls to management.

Conduct all activities in a safe manner.

People Management

No people management responsibility.

Other

Excellent troubleshooting, architectural and documentation skills.

Knowledge and experience with Rubrik advantageous.

Microsoft Azure or Okta certifications are highly beneficial.

Tokio Marine HCC is a leading specialty insurance group with offices in the United States, the United Kingdom, Europe and other locations. With the strength and stability that comes from being a member of the Tokio Marine group and more than forty years of growth, profitability and stability, we offer important insurance products that most people do not even know exist.

The Tokio Marine HCC Group of companies is an equal opportunity employer. Please visit for more information about our companies.


Required Experience:

IC


About Company

Specialty Group boasts a product suite that provides coverage for a myriad of needs within the sports, entertainment, travel, and hospitality industries. Our robust portfolio and global presence help insureds take on incredible challenges without assuming incredible financial risks.
