security engineer

EPAM provides digital platform engineering and software development services, focusing on complex business challenges through innovative technology solutions.

• Implement, configure and operate IAM solutions and controls based on defined architecture and standards;
• Maintain identity lifecycle processes including automated provisioning and deprovisioning;
• Configure core IAM capabilities such as SSO, federation, MFA, passwordless authentication, conditional access and RBAC/ABAC models;
• Develop and deploy IAM integrations with cloud platforms, SaaS applications, enterprise systems and databases;
• Execute access certification campaigns, perform entitlement clean-up and configure segregation-of-duties rules;
• Operate Privileged Access Management controls including credential vaulting, secrets rotation and session management;
• Develop automation scripts, workflows and IAM tooling using PowerShell, Python, REST APIs, SCIM or Terraform;
• Monitor IAM platform health, troubleshoot incidents and perform configuration hardening;
• Maintain IAM logging, alerting, monitoring and backup procedures;
• Deploy AI-assisted automations and agentic workflows for daily IAM operations;
• Integrate AI agents and LLM-backed automations into IAM systems via function calling, SCIM, REST and webhooks;
• Develop and maintain reusable prompts and templates, and implement retrieval over IAM documentation;
• Implement output verification, human-in-the-loop approval gates and rollback paths for AI workflows;
• Implement security and privacy controls for IAM AI usage including prompt-injection resistance and data redaction;
• Monitor AI-assisted automations, measure impact and produce operational documentation.

• Bachelor's degree in Computer Science, Cybersecurity, Engineering or equivalent experience;
• 2+ Years of hands-on experience implementing or operating Identity and Access Management solutions;
• Experience with at least one enterprise IAM, IGA, PAM or federation platform;
• Understanding of IAM concepts including identity lifecycle, authentication, authorization, SSO, federation, MFA, RBAC/ABAC and privileged access;
• Knowledge of IAM protocols such as SAML, OAuth 2.0, OpenID Connect, SCIM, LDAP and Kerberos;
• Experience configuring IAM controls, policies, connectors and access governance workflows;
• Working knowledge of cloud IAM concepts across Azure, AWS or GCP;
• Scripting and automation experience using PowerShell, Python, Bash, REST APIs, SCIM or Terraform;
• Ability to work with developers, architects, infrastructure engineers and compliance teams;
• Competency to follow and improve defined security processes;
• Practical understanding of AI-assisted productivity, building AI agents, prompt engineering and secure AI tool usage;
• Good communication skills for technical and non-technical stakeholders;
• Nice to have: Familiarity with Microsoft Entra ID, Active Directory, Okta, Ping Identity, ForgeRock, Auth0, SailPoint, Saviynt or CyberArk, experience with CIAM, B2B/B2C identity, SIEM/SOAR integrations, CI/CD-based IAM deployment, configuration-as-code, automated testing, AI/LLM platforms like Azure OpenAI, Amazon Bedrock, Microsoft Copilot Studio, LangChain, AutoGen, Power Automate, understanding of AI security risks, relevant certifications such as SC-300, CISSP, CISM, CISA, CCSK, CCSP, SSCP, AI-900 or AWS Certified AI Practitioner.

• No conditions specified