Senior Security Engineer - IAM

Overview

The Sr. Security Engineer - IAM is responsible for designing, implementing, and maintaining privileged access solutions to secure critical systems and accounts. This role focuses on managing privileged credentials, enforcing least privileged principles, and ensuring compliance with organizational and regulatory standards. The Sr. Security Engineer - IAM works closely with InfoSec, IT operations, and application teams to deploy and optimize the Delinea PAM solution.

Responsibilities

• Technical Operations & Administration: Administer day-to-day Delinea operations—tenant configuration, discovery, onboarding, policy management, upgrades/patching, backups, and health monitoring—to ensure availability and performance.
• Integration & Automation: Integrate Delinea with enterprise identity, endpoint, and security tooling (e.g., AD/Azure AD, SSO/MFA, SIEM, ITSM) and automate onboarding/rotation/workflows using APIs and scripting.
• Security & Compliance: Implement privileged access controls (least privilege, JIT/JEA, session controls, credential rotation) and produce audit-ready evidence aligned to internal standards and frameworks (e.g., SOX, PCI, ISO 27001).
• Support & Troubleshooting: Lead triage and resolution of PAM issues across agents, connectors, network paths, authentication flows, and platform services, performing root-cause analysis and preventive remediation.
• Documentation & Knowledge Transfer: Create and maintain operational runbooks, architecture diagrams, and configuration standards while training administrators and stakeholders to ensure consistent, scalable PAM operations
• Complete all responsibilities as outlined in the annual performance review and/or goal setting.
• Complete all special projects and other duties as assigned.
• Must be able to perform duties with or without reasonable accommodation.

This job description is intended to describe the general nature and level of work being performed and is not to be construed as an exhaustive list of responsibilities, duties and skills required. This job description does not constitute an employment agreement and is subject to change as the needs of Cotiviti and requirements of the job change.

Qualifications

• Bachelor’s degree in technology discipline or equivalent professional experience.
• 5+ years of experience in Privileged Access Management or related security roles.
• Relevant Security certifications (e.g., CISSP, CISM, CIAM) preferred.
• Delinea Platform Expertise: Hands-on engineering with Delinea components such as Secret Server (vaulting/rotation/workflows), Privilege Manager (endpoint least-privilege), and related connectors/agents, including upgrades, migrations, and performance tuning.
• Enterprise Infrastructure & Platforms: Strong administration and integration experience across Windows Server/Workstations, Linux (e.g., RHEL/Ubuntu), Active Directory/GPO, and virtualization platforms to onboard and manage privileged accounts at scale.
• Security & Authentication Technologies: Deep understanding of authentication/authorization and identity protocols—Kerberos/NTLM, LDAP/LDAPS, SAML/OIDC, RADIUS/TACACS+, PKI/certificates, and MFA—used to secure PAM access paths and admin workflows.
• Scripting & Automation: Ability to automate PAM lifecycle tasks (discovery, onboarding, credential rotation, reporting) using PowerShell/Python and Delinea REST APIs, including error handling, logging, and idempotent execution.
• Networking & Infrastructure: Proficient in troubleshooting and designing network connectivity for PAM components (DNS, TLS, firewalls/ports, proxies, load balancers) to support secure agent communications and distributed services.
• DevOps & Cloud Technologies: Experience integrating PAM into CI/CD and cloud operations using tools like Git, pipelines, IaC (Terraform/ARM/CloudFormation), and cloud IAM services (Azure/AWS/GCP) to manage privileged access in modern delivery environments.
• Strong analytical, problem-solving, and attention-to-detail skills; works independently with minimal supervision.
• Excellent communication and collaboration skills with IT, security teams, and business units.

Cognitive/Mental Requirements:

• Communicating with others to exchange information.
• Problem-solving and thinking critically.
• Completing tasks independently.
• Interpreting data
• Making timely decisions in the context of a workflow.
• Maintaining focus.
• Assessing the accuracy, neatness and thoroughness of the work assigned.
• Learning new tasks and completing tasks in situations that have a speed or productivity quota.
• Remembering and adhering to processes and protocols.
• Applying established protocols in a timely manner.

Working Conditions and Physical Requirements:

• Remaining in a stationary position, often standing or sitting for prolonged periods.
• Communicating with others to exchange information.
• Repeating motions that may include the wrists, hands, and/or fingers.
• Assessing accuracy, neatness, and thoroughness of work.
• Must be able to provide a dedicated, secure work area.
• Must be able to provide high-speed internet access/connectivity and office setup and maintenance.
• No adverse environmental conditions are expected.

Base compensation ranges from $120,000 to $150,000 per year. Specific offers are determined by various factors, such as experience, education, skills, certifications, and other business needs.

Cotiviti offers team members a competitive benefits package to address a wide range of personal and family needs, including medical, dental, vision, disability, and life insurance coverage, 401(k) savings plans, paid family leave, 9 paid holidays per year, and 17-27 days of Paid Time Off (PTO) per year, depending on specific level and length of service with Cotiviti. For information about our benefits package, please refer to our Careers page.

Date of Posting: 2/18/2026

We anticipate that the application window will close on 4/18/2026, but the application window may change depending on the volume of applications received or close immediately if a qualified candidate is selected.

#LI-REMOTE

#LI-AK1

#senior