Job Description

Senior Identity and Access Management Engineer

Department: Information Security Department

Employment Type: Full Time

Location: Kazakhstan

We are looking for a Senior IAM/PAM Engineer with strong PAM expertise and hands-on experience working with vendor platforms, including SailPoint.
The role combines both engineering and analytical responsibilities: building and enhancing connectors and scripts, designing and maintaining RBAC/ABAC models, automating JML processes, configuring access policies and certification campaigns, and driving IAM process maturity in line with Zero Trust principles.
We expect a mature, autonomous senior professional who can independently own solutions, improve processes, and act as a trusted expert in collaboration with business stakeholders and vendors.

Key Responsibilities

• Design, deploy, and manage IAM/IGA/PAM solutions;
• Build and fine-tune system connectors using IAM/IGA/PAM solutions;
• Integrate identity data sources such as HR and ITSM systems;
• Manage and fine-tune identity lifecycle processes: Joiner, Mover, Leaver (JML);
• Automate access provisioning and deprovisioning across using APIs, SCIM, or middleware;
• Configure access reviews, certification campaigns, and policy enforcement;
• Collaborate with IT support, infrastructure, HR, and system owner teams to align IAM processes with security standards;
• Support Zero Trust implementation and develop robust RBAC/ABAC models;
• Investigate IAM-related incidents, ensure audit readiness (SOX, GDPR, ISO 27001, NIST);
• Maintain documentation for IAM architecture, processes, and controls.

Skills, Knowledge and Expertise

Must-Have:
4–6+ years of experience in IAM / PAM / Information Security;

• Proven hands-on experience with IAM/IGA solutions:
  • Source configuration, policy setup, provisioning rules.
  • Identity correlation, transformation rules, and workflows.
  • Certification campaigns and access governance.
• Knowledge of Google Workspace, GCP IAM, AWS IAM and Jira cloud;
• Knowledge of IAM protocols: SAML, SCIM, OAuth 2.0, OpenID Connect;
• Hands-on experience with building globalRBAC/ABAC access models and their maintenance;
• Working knowledge of Zero Trust, least privilege, and JIT provisioning principles;
• Proficiency in scripting or programming (e.g., Python, PowerShell, Java, REST APIs);
• Experience with Git and IAM process automation;
• English proficiency: Upper-Intermediate (B2) or higher.

Nice to Have:

• Experience integrating with HR and ITSM systems;
• Experience integrating finance systems (e.g., Netsuite, ZIP, Yokoy);
• Experience with IAM/IGA systems (e.g., Sailpoint, Okta, One Identity);
• Experience with PAM systems (e.g., Teleport, Boundary, CyberArk)
• Experience migrating from legacy IAM systems to cloud-native platforms;
• Relevant certifications CISSP / CIMP / Azure / Okta / AWS / Sailpoint certifications.

Conditions & Benefits

• Stable salary, official employment
• Health insurance
• Hybrid work mode and flexile schedule
• Relocation package offered for candidates from other regions
• Access to professional counseling services including psychological, financial, and legal support
• Discount club membership
• Diverse internal training programs
• Partially or fully payed additional training courses
• All necessary work equipment