AM / PAM PKI Engineer (CyberArk, mPass) – Identity Security Specialist

AM / PAM PKI Engineer (CyberArk, mPass) – Identity Security Specialist

Location: Riyadh, Saudi Arabia
Department: Cybersecurity – Identity & Access Management (IAM)
Eligibility: Saudi Nationals Only

About the Role

We are looking for a highly capable AM / PAM PKI Engineer to strengthen and evolve our enterprise identity security landscape. This role sits at the core of our cybersecurity operations, focusing on Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and future Identity Governance and PKI initiatives.

You will play a key role in stabilizing day-to-day IAM operations while driving strategic improvements, onboarding programs, and future transformation initiatives including Windows Hello for Business, IGA adoption, and next-generation PAM solutions.

Key Responsibilities

MFA Engineering – Cerebra mPass

• Design, configure, and manage MFA policies, integrations, and user onboarding using Cerebra mPass
• Integrate MFA with enterprise systems including VPN, remote access, cloud platforms, and internal applications
• Monitor authentication flows, troubleshoot access issues, and enhance system reliability and user experience
• Lead and support the migration roadmap from mPass to Windows Hello for Business, including pilots, risk mitigation, and cutover activities

Privileged Access Management – CyberArk (Current) / BeyondTrust (Future)

• Operate and scale CyberArk environments, including safes, platforms, CPM/PSM health, and privileged account onboarding
• Enforce PAM best practices such as credential rotation, RBAC, vault policies, and session monitoring
• Drive operational excellence in privileged access governance, including break-glass procedures and access workflows
• Support evaluation and future implementation of BeyondTrust, including migration planning and operational design

Identity Governance (IGA) – Future Readiness

• Support readiness for IGA implementation, including joiner/mover/leaver processes and segregation of duties (SoD)
• Define connector requirements, reporting structures, and access review campaigns
• Contribute to implementation planning and development of operational runbooks

PKI & Certificate Management – Thales HSM (Future)

• Coordinate certificate lifecycle management across enterprise systems
• Maintain certificate inventory, renewal tracking, and operational processes
• Collaborate with Active Directory and PKI stakeholders on integrations
• Support planning for HSM-backed PKI environments, including key management, dual control, and CRL/OCSP readiness

Operations, Compliance & Governance

• Ensure IAM, MFA, and PAM events are integrated with SIEM for monitoring and alerting
• Maintain system health KPIs and continuously reduce alert noise
• Execute changes via ITSM processes with proper validation, rollback, and documentation
• Lead or support root cause analysis (RCA) for major incidents
• Develop SOPs, runbooks, and hardening guidelines
• Produce audit-ready documentation aligned with KSA cybersecurity and compliance standards

Automation & Optimization

• Develop automation scripts using PowerShell, Python, and REST APIs
• Automate onboarding, credential rotations, reporting, and health checks
• Continuously improve operational efficiency through scripting and tooling enhancements

Candidate Profile

Required Qualifications

• Saudi National with a Bachelor’s degree or equivalent practical experience
• 5+ years of experience in Identity & Access Management (IAM)
• Strong hands-on experience with MFA platforms (Cerebra mPass or equivalent) and CyberArk PAM
• Solid understanding of authentication protocols and identity frameworks (SAML, OAuth 2.0, OpenID Connect, AD, LDAP)
• Proven troubleshooting, stakeholder management, and documentation skills
• Strong scripting capabilities (PowerShell or Python) with API integration experience

Preferred Qualifications

• Experience with enterprise MFA rollout and user adoption strategies
• Exposure to Windows Hello for Business, SailPoint (IGA), or BeyondTrust (PAM)
• Experience in regulated environments with strong audit and compliance requirements
• Relevant certifications (CyberArk, Microsoft Identity, CISSP, CISM, ITIL) are a plus

Working Model

• Based in Riyadh with standard business hours
• Flexibility to support after-hours or weekend activities for planned changes and critical incidents

Why Join Us

• Be part of a high-impact cybersecurity function within a leading enterprise environment
• Work on cutting-edge IAM transformation initiatives across MFA, PAM, IGA, and PKI
• Gain exposure to large-scale, regulated environments with complex identity challenges
• Competitive compensation and strong career growth opportunities
• Collaborative, high-performance culture with real ownership and influence