Identity Systems Engineer; CyberArk
Listed on 2026-07-04
IT/Tech
Cybersecurity, Systems Engineer
Location: Greater London
Job Title:
Identity Systems Engineer
Reporting to:
Manager, Identity and Access Management
Position Type:
Permanent, 35 hours per week
Hybrid
Why Tokio Marine HCC? Standing still is not an option in the current world of Insurance. TMHCC are one of the world’s leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, and so is a desire to grow and provide creative and innovative solutions to our clients.
Job Purpose: The Infrastructure Collaboration Engineering team is seeking a highly experienced Senior Identity & Privileged Access Management (PAM) Engineer with expertise in enterprise Identity and Access Management, with primary specialization in CyberArk. This role will serve as the technical lead and subject matter expert for Privileged Access Management (PAM), responsible for designing, architecting, implementing, operating, and maintaining CyberArk solutions integrated across Entra, Active Directory, and Okta environments.
The ideal candidate will possess deep end-to-end identity expertise while maintaining advanced hands‑on skills in CyberArk PAS, Privilege Cloud, EPM, Secrets Manager, and identity governance integration patterns.
CyberArk (Primary Skillset – Privileged Access Management)
- Proven expert knowledge of CyberArk Privilege Access Security (PAS) and/or Privilege Cloud architecture, deployment, and administration
- Design, implement, and maintain CyberArk Vault, CPM (Central Policy Manager), PSM (Privileged Session Manager), and PTA (Privilege Threat Analytics)
- Manage safes, platforms, account onboarding, credential rotation policies, and access controls
- Implement Just-in-Time (JIT) privileged access models integrated with Entra PIM and AD tiering
- Secure and rotate domain admin, enterprise admin, service accounts, application accounts, SSH keys, and cloud credentials
- Integrate CyberArk with Entra, Active Directory, and Okta for authentication and authorization workflows
- Deploy and manage CyberArk Endpoint Privilege Manager (EPM) for least privilege enforcement
- Implement CyberArk Secrets Manager / Conjur for DevOps and Kubernetes environments
- Develop automation using REST APIs, PowerShell, and CyberArk tools
- Design CyberArk disaster recovery and vault backup strategies
- Integrate CyberArk logs with SIEM platforms and support audit/compliance requirements
- Maintain alignment with Zero Trust security architecture principles
- Stay current on CyberArk roadmap, new features, and evolving PAM security threats
- Proven expert knowledge of Azure Entra such as Conditional Access Policies, Privileged Identity Manager and Application Registrations, integrated with CyberArk privileged access controls
- Strong understanding of PIM and the assignment of roles / IAM permissions on Management Groups, Subscriptions and Resources, aligned with Just-in-Time access principles
- Azure Infrastructure Management to include user accounts, groups, conditional policies, Intune management, mobile device management, and endpoint security
- Strong understanding of App registration, Enterprise Apps, SPNs and managed identities with the understanding of least privileged administration when it comes to MS Graph API allocation of permissions and secure credential storage in CyberArk
- Strong understanding of multifactor authentication, SSPR and WHfB, ensuring secure privileged authentication workflows
- Strong PowerShell scripting, automation, and scheduling skills when working with data in Azure and integrating with CyberArk APIs
- Good understanding of Intune policies management and Autopilot
- An individual that stays abreast of the latest Entra, best practices, and security trends, and makes recommendations for continuous improvement
- Strong background in Active Directory covering domains that span geo locations with numerous DCs and a user base of 5000+
- Strong understanding of DNS and GPOs, user object and OU administration
- So…