IAM/PAM PKI Engineer-Saudi National

Apply Now โ†—
๐Ÿ“ Amman๐Ÿ“ Amman, , Jordan๐Ÿ“ joFull time

About this role

Company Description

IT Security C&T is an innovative, fast-growing security consulting and training company. Our management team combined with our consultants and engineers work together to deliver comprehensive security solutions to our customers around the MENA region.
IT Security C&T is continuously expanding its team of qualified professionals for a wide range of opportunities.ย Interested candidates are required to apply via our Career webpage on our website (www.itsecurityct.com)

ย 

Job Description

Operate and improve enterprise Identity security capabilities with focus on Cerebra mPass (MFA) and CyberArk (PAM). You will stabilize day to day operations, drive onboarding and policy improvements, and prepare the roadmap for Windows Hello for Business migration and future adoption of SailPoint (IGA), BeyondTrust (PAM), and Thales HSM for PKI. Strong troubleshooting, documentation, and audit evidence discipline are essential.

Key Responsibilities

MFA. Cerebra mPass

  • Design, configure, and support Cerebra mPass MFA policies, integrations, and user onboarding.
  • Integrate MFA with enterprise systems (VPN, remote access, cloud apps, internal applications) using standard authentication protocols.
  • Monitor authentication flows, troubleshoot access issues, and improve reliability and user experience.
  • Prepare and execute the migration roadmap from mPass to Windows Hello for Business, including pilot planning, risk management, and cutover support.

PAM. CyberArk (Current). BeyondTrust (Future)

  • Operate and scale CyberArk (safes, platforms, CPM/PSM health, onboarding, rotations, access workflows).
  • Drive privileged account onboarding and operational hygiene (break glass, vault policies, RBAC, session controls).
  • Support evaluation and future rollout of BeyondTrust as needed (requirements, migration planning, operational model).

IGA. SailPoint (Future)

  • Support readiness for IGA adoption (joiner mover leaver flows, SoD concepts, connector requirements, campaign approach, reporting needs).
  • Contribute to implementation planning and operational runbooks once adopted.

PKI coordination. Thales HSM (Future)

  • Coordinate certificate lifecycle processes and integrations with the AD and PKI stakeholders.
  • Support discovery, inventory, renewal tracking, and certificate operational processes.
  • Participate in planning for HSM-backed PKI with Thales (key ceremony concepts, dual control, CRL/OCSP operational readiness). Note: day to day AD CS administration is owned by the AD team.

Operations, compliance, and delivery hygiene

  • Ensure IAM, MFA, and PAM events are visible in SIEM. Maintain health KPIs and reduce alert noise.
  • Execute changes via ITSM with clear testing, validation, rollback, and post change checks.
  • Lead or support RCA for major incidents. Publish SOPs, runbooks, and hardening guidance.
  • Produce audit ready evidence aligned with KSA cybersecurity requirements, including access controls and privileged access governance.

Automation

  • Use PowerShell, Python, and REST APIs to automate onboarding, rotations, reporting, and operational checks.

Qualifications

Required Qualifications

  • Saudi national. Bachelorโ€™s degree or equivalent experience.
  • Typically 5+ years in IAM. Hands on experience in MFA and PAM operations at enterprise scale.
  • Strong experience with Cerebra mPass (or equivalent MFA platform) and CyberArk.
  • Solid understanding of authentication and identity concepts, including SAML, OAuth 2.0, OpenID Connect, AD and LDAP.
  • Strong troubleshooting, stakeholder communication, and documentation skills.
  • Practical scripting skills (PowerShell or Python). Comfortable with REST APIs.

Preferred Qualifications

  • Experience with enterprise MFA rollout and user adoption strategies.
  • Exposure to Windows Hello for Business, SailPoint, or BeyondTrust.
  • Experience operating in regulated environments with strong evidence and audit readiness.
  • Certifications are a plus (CyberArk, Microsoft Identity, CISSP/CISM, ITIL).

Additional Information

Job Location: KSA

Frequently Asked Questions

Is the salary disclosed for the IAM/PAM PKI Engineer-Saudi National position at itsecurityct1?
The salary for this IAM/PAM PKI Engineer-Saudi National role at itsecurityct1 is not publicly listed. Click "Apply Now" to learn more about the compensation package on their official careers page.
Where is the IAM/PAM PKI Engineer-Saudi National position at itsecurityct1 located?
This IAM/PAM PKI Engineer-Saudi National role at itsecurityct1 is based in Amman, Amman, , Jordan, jo. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.
Is the IAM/PAM PKI Engineer-Saudi National role at itsecurityct1 full-time or part-time?
This is listed as a Full time position. It is posted as a IAM/PAM PKI Engineer-Saudi National role at itsecurityct1.
How do I apply for the IAM/PAM PKI Engineer-Saudi National position at itsecurityct1?
Click the "Apply Now" button on this page. You will be redirected to itsecurityct1's official application portal hosted on smartrecruiters where you can submit your application directly.
When was the IAM/PAM PKI Engineer-Saudi National job at itsecurityct1 posted?
This IAM/PAM PKI Engineer-Saudi National position at itsecurityct1 was posted on Jan 14, 2026. Apply as soon as possible โ€” early applications are often reviewed first.
IAM/PAM PKI Engineer-Saudi National
itsecurityct1
Apply for this role โ†—

You'll be redirected to itsecurityct1's official application page on SmartRecruiters.