Privileged Access Management Engineer
About the role
Mizuho’s Identity and Access Management (IAM) team is transforming to become a central pillar of the firm's cybersecurity and regulatory strategy. This role plays a crucial part in securing privileged and service accounts, ensuring compliance, and supporting enterprise users and applications.
Responsibilities
Design, implement, and maintain CyberArk Privileged Access Management (PAM) solutions to secure privileged, service, and application accounts across enterprise environments.
Configure and manage CyberArk components including Digital Vault, PVWA, CPM, PSM, and connectors (Windows, Unix, Database, Cloud where applicable).
Create and manage safes, platforms, access policies, and permissions in accordance with least-privilege and security standards.
Build automations to support the core PAM activities.
Lead onboarding of privileged and service accounts into CyberArk, including inventory validation, account vaulting, and enabling password rotation.
Work closely with infrastructure and application teams to identify dependencies and ensure password changes do not disrupt services.
Manage account lifecycle activities such as modifications, offboarding, and exception handling.
Implement and monitor automated password rotation and reconciliation for managed accounts.
Configure and support Privileged Session Management (PSM) for secure access and session recording.
Troubleshoot password rotation failures, access issues, and CPM/PSM errors.
Provide L2/L3 operational support, including root-cause analysis and coordination with vendors or internal teams.
Maintain and update runbooks, SOPs, and operational documentation for CyberArk processes.
Support audit and regulatory requirements by generating CyberArk reports, access certifications, and compliance evidence.
Participate in periodic privileged access recertifications and remediation of findings.
Ensure CyberArk configurations align with IAM standards, internal policies, and regulatory frameworks (e.g., SOX, ISO, internal audits).
Integrate CyberArk with IAM tools (e.g., SailPoint), Active Directory, ServiceNow and other enterprise applications.
Support use of CyberArk REST APIs and Central Credential Provider (CCP) for application integrations and automation.
Aid in automation and reconciliation processes related to privileged account discovery and onboarding.
Act as a subject-matter expert (SME) for CyberArk/PAM, advising application, infrastructure, and security teams.
Collaborate with IAM Governance, Risk, Compliance, and Audit teams on PAM-related initiatives.
Participate in design and architecture discussions to identify gaps and drive scalable, automation-friendly improvements.
Qualifications
7+ years of experience in Identity & Access Management, cybersecurity engineering, or related infrastructure security roles, with a strong focus on Privileged Access Management.
Demonstrated experience with CyberArk.
Experience in enterprise environments (Windows, Unix, databases, service accounts).
Familiarity with security controls and regulatory expectations related to identity, credential, and Privileged Access Management (e.g., SOX, NIST).
Strong collaboration and communication skills, with the ability to work effectively across infrastructure, cloud, security, and DevOps teams.
Benefits
The expected base salary ranges from $81,000 - $150,000. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, including Medical, Dental and 401K plans, successful candidates are also eligible to receive a discretionary bonus.