IAM/ PAM Specialist

About Sopra Steria
Sopra Steria, a major Tech player in Europe with 50,000 employees in nearly 30 countries, is recognised for its consulting, digital services and solutions. It helps its clients drive their digital transformation and obtain tangible and sustainable benefits. The Group provides end-to-end solutions to make large companies and organisations more competitive by combining in-depth knowledge of a wide range of business sectors and innovative technologies with a collaborative approach. Sopra Steria places people at the heart of everything it does and is committed to putting digital to work for its clients in order to build a positive future for all. In 2024, the Group generated revenues of €5.8 billion.
The world is how we shape it.

Role Overview

The IAM/PAM Specialist will be responsible for designing, implementing, and managing enterprise Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions across hybrid and multi-cloud environments. This role will focus on securing both user and privileged accounts, enforcing least privilege policies, integrating IAM/PAM platforms, and ensuring compliance with security governance frameworks and regulatory requirements. The ideal candidate will have deep hands-on expertise with CyberArk, HashiCorp Vault, SailPoint IdentityNow, and cloud IAM services in AWS or Azure.

Key Responsibilities

Identity and Access Management (IAM)

1. Manage the identity lifecycle: provisioning, modifying, and de-provisioning users, roles, and groups.
2. Implement identity federation across Active Directory (AD), LDAP, Azure AD, and third-party SaaS platforms.
3. Deploy authentication solutions including MFA, SSO (SAML, OIDC), and passwordless authentication.
4. Apply and maintain Role-Based Access Control (RBAC) policies.
5. Configure and manage cloud IAM services (either one):
6. AWS: IAM roles, JSON policies, SCPs, Identity Center (SSO), resource-based and identity-based policies.
7. Azure: Azure AD, Conditional Access, PIM, and Identity Governance.
8. Support and manage IGA solutions such as SailPoint IdentityNow, including certifications, access reviews, and policy enforcement.

Privileged Access Management (PAM)

1. Design, implement, and manage PAM solutions to secure and monitor privileged accounts.
2. Manage and configure CyberArk components (Vault, PVWA, PSM, CPM, EPM).
3. Administer and automate secret management with HashiCorp Vault.
4. Manage Azure privileged access using Entra PIM and Conditional Access.
5. Oversee AWS privileged access, including IAM roles, Secrets Manager, and SCP enforcement.
6. Integrate PAM platforms including SailPoint, ForgeRock, CyberArk.
7. Perform periodic audits, access reviews, and compliance reporting.

Desired Skills

1. PAM Tools: CyberArk, HashiCorp Vault.
2. IAM Tools: SailPoint IdentityNow, Microsoft Entra, AWS IAM.
3. Authentication Technologies: MFA, SSO, Passwordless Auth.
4. Access Control Models: PoLP, RBAC.
5. Cloud IAM Expertise: AWS IAM, SCPs, Azure AD, Conditional Access, PIM.
6. Integration Skills: API-based and directory-based integrations with IAM/PAM.
7. Knowledge of compliance frameworks (SOX, GDPR, ISO 27001, NIST).

Good to Have Skills

1. Knowledge of Zero Trust Architecture.
2. Experience with DevSecOps and CI/CD integrations for IAM/PAM.
3. Familiarity with AI/ML-based identity analytics.
4. Experience in hybrid cloud and multi-cloud identity management.

Total Experience Expected: 08-10 years

Bachelor’s degree in information technology, Cybersecurity, or a related field

Preferred Certifications

1. CyberArk Defender / Sentry / Guardian.
2. SailPoint Identity Now Certified Engineer.
3. Microsoft SC-300: Identity and Access Administrator.
4. CISSP or CRISC (security governance & risk focus).
5. Optional: Azure Administrator, AWS Certified Security – Specialty.

At our organization, we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences.

All of our positions are open to people with disabilities.