About the job IAM/PAM PKI Engineer (mPass, CyberArk)
IAM/PAM PKI Engineer (mPass, CyberArk)
Location: Riyadh, Saudi Arabia
Department: Cybersecurity. Identity & Access Management
Nationality: Saudi nationals only
Job Summary
DXC is hiring an engineer to operate and improve enterprise Identity security
capabilities with focus on Cerebra mPass (MFA) and CyberArk (PAM). You will
stabilize day to day operations, drive onboarding and policy improvements, and prepare
the roadmap for Windows Hello for Business migration and future adoption of
SailPoint (IGA), BeyondTrust (PAM), and Thales HSM for PKI. Strong
troubleshooting, documentation, and audit evidence discipline are essential.
Key Responsibilities
MFA. Cerebra mPass
Design, configure, and support Cerebra mPass MFA policies, integrations, and
user onboarding.
Integrate MFA with enterprise systems (VPN, remote access, cloud apps, internal
applications) using standard authentication protocols.
Monitor authentication flows, troubleshoot access issues, and improve reliability
and user experience.
Prepare and execute the migration roadmap from mPass to Windows Hello for
Business, including pilot planning, risk management, and cutover support.
PAM. CyberArk (Current). BeyondTrust (Future)
Operate and scale CyberArk (safes, platforms, CPM/PSM health, onboarding,
rotations, access workflows).
Drive privileged account onboarding and operational hygiene (break glass, vault
policies, RBAC, session controls).
Support evaluation and future rollout of BeyondTrust as needed (requirements,
migration planning, operational model).
IGA. SailPoint (Future)
Support readiness for IGA adoption (joiner mover leaver flows, SoD concepts,
connector requirements, campaign approach, reporting needs).
Contribute to implementation planning and operational runbooks once adopted.
PKI coordination. Thales HSM (Future)
Coordinate certificate lifecycle processes and integrations with the AD and PKI
stakeholders.
Support discovery, inventory, renewal tracking, and certificate operational
processes.
Participate in planning for HSM-backed PKI with Thales (key ceremony
concepts, dual control, CRL/OCSP operational readiness). Note: day to day AD
CS administration is owned by the AD team.
Operations, compliance, and delivery hygiene
Ensure IAM, MFA, and PAM events are visible in SIEM. Maintain health KPIs and
reduce alert noise.
Execute changes via ITSM with clear testing, validation, rollback, and post
change checks.
Lead or support RCA for major incidents. Publish SOPs, runbooks, and
hardening guidance.
Produce audit ready evidence aligned with KSA cybersecurity requirements,
including access controls and privileged access governance.
Automation
Use PowerShell, Python, and REST APIs to automate onboarding, rotations,
reporting, and operational checks.
Required Qualifications
Saudi national. Bachelor’s degree or equivalent experience.
Typically 5+ years in IAM. Hands on experience in MFA and PAM operations at
enterprise scale.
Strong experience with Cerebra mPass (or equivalent MFA platform) and
CyberArk.
Solid understanding of authentication and identity concepts, including SAML,
OAuth 2.0, OpenID Connect, AD and LDAP.
Strong troubleshooting, stakeholder communication, and documentation skills.
Practical scripting skills (PowerShell or Python). Comfortable with REST APIs.
Preferred Qualifications
Experience with enterprise MFA rollout and user adoption strategies.
Exposure to Windows Hello for Business, SailPoint, or BeyondTrust.
Experience operating in regulated environments with strong evidence and audit
readiness.
Certifications are a plus (CyberArk, Microsoft Identity, CISSP/CISM, ITIL).
Working Model
Riyadh based. Standard business hours.
Occasional after hours or weekend windows for planned changes and critical
incidents.