Position Summary:
The Identity and Access Management (IAM) Lead Engineer will work in the Merrick Bank and CardWorks security team. They will responsible for day-to-day activities regarding identity and access creation, risk-based access control, attribute-based access control, role-based access control, privileged access management, access modifications, and access terminations. They will be the primary contact for support of tools within the information security team from an IAM perspective.
The IAM Lead Engineer will design solutions, engineer integrations, set up processes, provide reporting, instruct other teams on said processes and integrations, and manage tools and data.
They implement, operate, monitor, and improve information security processes and systems that protect the companies’ data, customers, and computer systems from business disruption, data/identity compromise, cyber fraud, and regulatory criticism.
Essential Functions:
Privileged Access Management (PAM) Tool Ownership & Administration
Expectation: Serves as the primary engineer responsible for the PAM platform’s daily function, configuration, and reliability.
Administer access to the PAM platforms, including onboarding users, roles, and entitlements within the tools
Configure privileged access workflows, credential vaulting, rotation, session controls, and integrations
IAM Platform Support & Engineering Enablement
Expectation: Serves as the primary engineer responsible for the PAM platform’s daily function, configuration, and reliability.
Detective IAM Controls & Security Operations Support
Expectation: Actively supports monitoring, investigation, and response activities related to IAM security signals.
Collaboration, Documentation & Continuous Improvement
Expectation: Operates as a dependable engineering partner who improves IAM services through execution and feedback.
Education and Experience
Technical knowledge of IAM concepts including authentication, authorization, federation, directory services, identity lifecycle, access governance, and privileged access.
Active Directory, Group Policy, Kerberos, LDAP, Windows Server
Preferred certifications: CISSP, CISM, Microsoft Identity certifications, or vendor certifications (SailPoint, Delinea).
Summary of Qualifications
Ability to analyze, interpret, and correct data inconsistencies, errors, gaps, and inaccuracies for impact.
Strong understanding of IAM principles, including details for least privileged, joiner, mover, and leaver operations.
Knowledge of client-server applications, multi-tier web applications, relational databases, and cloud IAM and security tools.
Ideally, the qualified candidate will work at the following location(s): Woodbury, NY; Pittsburgh, PA. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role.
The salary range for this position, if located in NY Metro/NY State is $154,564 to $171,738. However, please note that the salary range will vary for other geographic areas.
#INDHP
Our Employee Value Proposition
- Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
- Benefits Package -Medical, Dental, and Vision (plus much more)
- 401(k) Plan with Company Match
- Short- & Long-Term Disability
- Wellness Programs
- Group Life and AD&D Insurance
- Paid Vacation, Sick Days and bank Holidays
- Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition
We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite. Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.
