Identity & PAM Security Engineer

About the Role

This team is responsible for the security, stability, and scalability of the company's software systems and infrastructure. We monitor system performance, identify and mitigate risks, and ensure our platforms remain secure, resilient, and capable of supporting continued growth.

Your Responsibilities

• Manage privileged access controls, including Privileged Identity Management (PIM), just-in-time (JIT) access, approval workflows, and privileged role assignments.
• Define and maintain administrative access processes for high-risk roles, privileged sessions, and break-glass accounts.
• Lead and support access review processes, track remediation activities, and ensure access rights remain aligned with least-privilege principles.
• Manage the lifecycle of service and machine accounts, including ownership, permissions, credential rotation, monitoring, and decommissioning.
• Configure, maintain, and monitor conditional access policies, multi-factor authentication (MFA), and identity risk controls.
• Design and implement automation for identity workflows, approvals, access validation, reporting, and remediation activities.
• Collaborate with Security, Infrastructure, and Engineering teams to strengthen identity security across cloud and enterprise environments.
• Support security audits, incident response activities, and identity-related investigations.
• Contribute to the ongoing improvement of identity governance, privileged access management, and security operations practices.

What You'll Bring

• 4+ years of experience in Identity and Access Management (IAM), Cloud Security, Infrastructure Security, or Security Engineering.
• Hands-on experience administering and securing Microsoft Entra ID and Google Cloud IAM environments.
• Strong understanding of identity security concepts including least privilege, role-based access control (RBAC), multi-factor authentication (MFA), conditional access, access governance, and privileged access management.
• Experience managing service accounts, machine identities, secrets, API keys, and credential rotation processes.
• Experience building automation using workflow management platforms, APIs, PowerShell, Python, or similar technologies.
• Strong analytical and problem-solving skills with a security-first mindset.
• Excellent documentation, communication, and stakeholder management skills.
• Ability to work effectively in a fast-paced, distributed environment.

Even Better If You Have

• Experience implementing or operating Privileged Access Management (PAM) solutions at scale.
• Familiarity with Identity Governance and Administration (IGA) frameworks and best practices.
• Experience integrating identity security controls into cloud-native environments and automation pipelines.
• Exposure to security monitoring, SIEM platforms, or log analysis tools.
• Relevant certifications such as SC-300, AZ-500, CISSP, CCSP, or equivalent.

Role Specific Tools

• Microsoft Entra ID
• Privileged Identity Management (PIM)
• Conditional Access
• Multi-Factor Authentication (MFA)
• Google Cloud IAM
• Service Account Management
• Workflow Management Platforms
• HashiCorp Vault
• Azure Key Vault
• Google Secret Manager
• PowerShell
• Python
• REST APIs
• SIEM and Log Analysis Tools

What's In It For You

• Work for Sporty, a remote-first company committed to sustainability.
• Competitive salary plus individual performance-based bonuses each quarter.
• 28 days of paid annual leave.
• Core working hours of 10 am-3 pm in your local time zone, with flexibility outside these hours.
• Referral bonuses and flash bonuses.
• Top-of-the-line equipment.
• Annual company retreats for global team connection and collaboration.

How to Apply

If you're interested, we encourage you to apply. Every application is reviewed by a member of our team, and we aim to respond within 48 hours.