Principal I – Identity & Access Management (IAM) Security Engineer Mexico City

Location: Mexico City – Insurgentes Sur
Work Model: 100% On-site
Schedule: Monday to Friday, 9:00 AM – 6:00 PM
Industry: Pharmaceutical (end client)

Position Summary
We are seeking a Principal I – Identity & Access Management (IAM) Security professional to join the IT Security organization of a leading Pharmaceutical company. This role is responsible for leading the design, implementation, and optimization of secure, scalable IAM capabilities, with a strong focus on Privileged Access Management (PAM).

This position plays a strategic and hands-on role in protecting critical digital platforms, enforcing security standards, and ensuring compliance within a highly regulated environment. The role is based on-site in South Mexico City (Insurgentes Sur).

Key Responsibilities

• Lead the design and implementation of enterprise IAM solutions, with a primary focus on Privileged Access Management (PAM).
• Architect and manage PAM capabilities, including:
  • Secure vaulting of privileged credentials
  • Automatic password rotation for human and non-human accounts
  • Credential checkout and check-in workflows
  • API-based secrets retrieval for applications and CI/CD pipelines
  • Encryption of credentials at rest and in transit
• Develop, enforce, and promote adoption of IAM and PAM security policies and standards.
• Collaborate with IT, infrastructure, application, and security teams to integrate IAM solutions across the enterprise.
• Support security and risk assessments to identify, prioritize, and remediate IAM-related vulnerabilities.
• Provide technical leadership, mentorship, and guidance to IAM and security team members.
• Identify and implement automation opportunities and continuous improvements within IAM and PAM platforms.
• Act as a subject matter expert, providing strategic guidance on IAM architecture, security best practices, and emerging threats.
• Evaluate existing IAM and security systems, perform regular maintenance, and ensure reliability and operational excellence of identity services.

Qualifications & Experience

• 8–10 years of total experience in Identity & Access Management, cybersecurity, or related engineering roles.
• Strong hands-on experience with Privileged Access Management (PAM) solutions (3–4+ years).
• Advanced PowerShell scripting skills for automation and administration.
• Deep expertise in Microsoft Active Directory environments.
• Strong knowledge of Public Key Infrastructure (PKI), including MS-PKI, DigiCert PKI, AWS certificates, and Entra ID certificates.
• Proven experience in IAM engineering and/or architecture roles.
• Solid understanding of enterprise security controls, authentication, authorization, and compliance requirements.
• Advanced English proficiency (written and spoken).

Additional Information / Benefits

• On-site position located in Insurgentes Sur, Mexico City.
• Office facilities include on-site parking and cafeteria service.
• Opportunity to work with a global Pharmaceutical client in a highly critical and regulated environment.
• High-impact, senior-level role with strong technical ownership and visibility.