
AM / PAM PKI Engineer (CyberArk, mPass) – Identity Security Specialist

at CBT

We are looking for a highly capable AM / PAM PKI Engineer to strengthen and evolve our enterprise identity security landscape. This role sits at the core of cybersecurity operations, focusing on Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and future Identity Governance and PKI initiatives.

You will play a key role in stabilizing day-to-day IAM operations while driving strategic improvements, onboarding programs, and future transformation initiatives including Windows Hello for Business, IGA adoption, and next-generation PAM solutions.

Responsibilities

MFA Engineering – Cerebra mPass

  • Design, configure, and manage MFA policies, integrations, and user onboarding using Cerebra mPass.
  • Integrate MFA with enterprise systems including VPN, remote access, cloud platforms, and internal applications.
  • Monitor authentication flows, troubleshoot access issues, and enhance system reliability and user experience.
  • Lead and support the migration roadmap from mPass to Windows Hello for Business, including pilots, risk mitigation, and cutover activities.

Privileged Access Management – CyberArk & BeyondTrust

  • Operate and scale CyberArk environments, including safes, platforms, CPM/PSM health, and privileged account onboarding.
  • Enforce PAM best practices such as credential rotation, RBAC, vault policies, and session monitoring.
  • Drive operational excellence in privileged access governance, including break-glass procedures and access workflows.
  • Support evaluation and future implementation of BeyondTrust, including migration planning and operational design.

Identity Governance (IGA)

  • Support readiness for IGA implementation, including joiner/mover/leaver processes and segregation of duties (SoD).
  • Define connector requirements, reporting structures, and access review campaigns.
  • Contribute to implementation planning and development of operational runbooks.

PKI & Certificate Management

  • Coordinate certificate lifecycle management across enterprise systems.
  • Maintain certificate inventory, renewal tracking, and operational processes.
  • Collaborate with Active Directory and PKI stakeholders on integrations.
  • Support planning for HSM-backed PKI environments, including key management, dual control, and CRL/OCSP readiness using Thales HSM.

Operations, Compliance & Governance

  • Ensure IAM, MFA, and PAM events are integrated with SIEM for monitoring and alerting.
  • Maintain system health KPIs and continuously reduce alert noise.
  • Execute changes via ITSM processes with proper validation, rollback, and documentation.
  • Lead or support root cause analysis (RCA) for major incidents.
  • Develop SOPs, runbooks, and hardening guidelines.
  • Produce audit-ready documentation aligned with KSA cybersecurity and compliance standards.

Automation & Optimization

  • Develop automation scripts using PowerShell, Python, and REST APIs.
  • Automate onboarding, credential rotations, reporting, and health checks.
  • Continuously improve operational efficiency through scripting and tooling enhancements.

Requirements

  • Eligibility: Saudi National only.
  • Bachelor’s degree or equivalent practical experience.
  • 5+ years of experience in Identity & Access Management (IAM).
  • Strong hands-on experience with MFA platforms (Cerebra mPass or equivalent) and CyberArk PAM.
  • Solid understanding of authentication protocols and identity frameworks (SAML, OAuth 2.0, OpenID Connect, AD, LDAP).
  • Proven troubleshooting, stakeholder management, and documentation skills.
  • Strong scripting capabilities (PowerShell or Python) with API integration experience.

Preferred Qualifications

  • Experience with enterprise MFA rollout and user adoption strategies.
  • Exposure to Windows Hello for Business, SailPoint (IGA), or BeyondTrust (PAM).
  • Experience in regulated environments with strong audit and compliance requirements.
  • Relevant certifications such as CyberArk, Microsoft Identity, CISSP, CISM, or ITIL.

Working Model

This position is based in Riyadh with standard business hours. Candidates must have the flexibility to support after-hours or weekend activities for planned changes and critical incidents.

Benefits

  • High-impact cybersecurity role within a leading enterprise environment.
  • Exposure to cutting-edge IAM transformation initiatives across MFA, PAM, IGA, and PKI.
  • Experience in large-scale, regulated environments with complex identity challenges.
  • Competitive compensation and strong career growth opportunities.
  • Collaborative, high-performance culture with real ownership and influence.
Required Skills:
CyberArk, SailPoint, BeyondTrust, SAML, OAuth 2.0, OpenID Connect (OIDC), LDAP, PKI / X.509, Active Directory, Role-Based Access Control (RBAC)
Certifications:
Certified Information Systems Security Professional (CISSP)

  • Location: Riyadh, Saudi Arabia
  • Job Type: Full Time
  • Work Mode: Onsite
  • Experience: Mid Level
  • Posted: Jun 22, 2026