We are seeking a Senior PBAC Engineer to help architect, deploy, and operate a secure application infrastructure that aligns with business needs. This role focuses on developing scalable and resilient security solutions to support business initiatives.
In this role, the Senior IAM Engineer will focus on PBAC (Policy-Based Access Control) capabilities, including centralized policy decisioning, distributed policy enforcement integration, attribute/context aggregation, and auditability to meet security and compliance expectations.
Responsibilities
-
Operate as a self-driven contributor with minimal daily oversight, designing and building security solutions
-
Design and implement security architectures and strategies to safeguard information system resources and assets
-
Ensure integration of technology that upholds the Information Security policies and standards, as well as meets firm business objectives
-
Mentor fellow team members and other associates in security best practices
-
Maintain awareness of security technology direction, trends, and related issues
-
Develop long-term strategy for supported security systems
-
Architect and implement PBAC platform components, including a central Policy Decision Point (PDP) with high availability, performance, and scale
-
Enable distributed Policy Enforcement Points (PEPs) by integrating enforcement with API gateways, SSO platforms, and target applications as needed
-
Coordinate attribute aggregation across identity, risk, device, transaction, location, and other enterprise data sources required for policy decisions
-
Implement audit and compliance pipelines by streaming PBAC decision logs to SIEM/compliance dashboards and supporting reporting needs
-
Support delegated administration workflows and governance models for policy control across business units, IT, risk, and compliance stakeholders
Requirements
-
3+ years of experience with PBAC implementations, including platform onboarding, policy lifecycle management, and integration patterns for policy decisioning and enforcement (PDP/PEP model)
-
Background in implementing PBAC across pilot applications and scaling to broader adoption, including policy development and enforcement integration into applications and/or gateways
-
Proficiency in JavaScript, Java, or Python
-
Familiarity with Active Directory (AD) or other LDAP Directory Services, Intrusion Detection, and Security Policies / GPOs
-
Understanding of Operating System (OS) hardening, Single Sign-on (SSO), and Federation (SAML and/or OIDC)
-
Knowledge of Multi-Factor Authentication (MFA), Certificates/Public Key Infrastructure (PKI), and Identity Management concepts
-
Proficient communication skills in English (B2 level or higher)
Nice to have
-
Experience working with cloud platforms
-
Familiarity with device authentication
We offer
-
International projects with top brands
-
Work with global teams of highly skilled, diverse peers
-
Healthcare benefits
-
Employee financial programs
-
Paid time off and sick leave
-
Upskilling, reskilling and certification courses
-
Unlimited access to the LinkedIn Learning library and 22,000+ courses
-
Global career opportunities
-
Volunteer and community involvement opportunities
-
EPAM Employee Groups
-
Award-winning culture recognized by Glassdoor, Newsweek and LinkedIn
