Back to SearchFind a vacancy that works for you. Send us your CV to receive a personalized offer.
Find me a job
We are looking for a Lead PBAC Engineer to drive the architecture, deployment, and operation of a secure application infrastructure that aligns with business needs. This position centers on defining the strategic direction for scalable and resilient security solutions that support enterprise-wide business initiatives.
Within this role, the Lead IAM Engineer will own PBAC (Policy-Based Access Control) capabilities end-to-end, such as centralized policy decisioning, distributed policy enforcement integration, attribute/context aggregation, and auditability to satisfy security and compliance expectations. The role also includes leading a team of engineers and shaping the long-term PBAC roadmap across the organization.
- Operate as an autonomous technical leader, setting direction for the design and delivery of security solutions across multiple teams and initiatives
- Define and own security architectures and strategies to safeguard information system resources and assets at the enterprise scale
- Drive the integration of technology that upholds the Information Security policies and standards, as well as meets firm business objectives
- Lead, mentor, and develop engineers and other associates in security best practices, fostering a culture of technical excellence
- Set the vision for security technology adoption by monitoring industry direction, trends, and emerging threats, and translating them into actionable roadmaps
- Define and execute the long-term strategy for supported security systems, aligning technical roadmaps with business priorities
- Architect and lead the implementation of PBAC platform components, including a central Policy Decision Point (PDP) with high availability, performance, and scale
- Establish enterprise-wide patterns for distributed Policy Enforcement Points (PEPs), integrating enforcement with API gateways, SSO platforms, and target applications
- Define the framework for attribute aggregation across identity, risk, device, transaction, location, and other enterprise data sources required for policy decisions
- Design audit and compliance pipelines by streaming PBAC decision logs to SIEM/compliance dashboards and supporting enterprise reporting needs
- Establish delegated administration workflows and governance models for policy control across business units, IT, risk, and compliance stakeholders
- Partner with senior leadership and key stakeholders to influence security strategy, secure funding, and align PBAC initiatives with broader organizational goals
- 5+ years of experience with PBAC implementations, including platform onboarding, policy lifecycle management, and integration patterns for policy decisioning and enforcement (PDP/PEP model)
- 1+ years of experience leading PBAC programs from pilot applications through enterprise-wide adoption, including policy development and enforcement integration into applications and/or gateways
- Demonstrated experience leading technical teams, mentoring engineers, and driving architectural decisions across multiple stakeholders
- Proficiency in JavaScript, Java, or Python
- Strong expertise in Active Directory (AD) or other LDAP Directory Services, Intrusion Detection, and Security Policies / GPOs
- Deep understanding of Operating System (OS) hardening, Single Sign-on (SSO), and Federation (SAML and/or OIDC)
- Solid knowledge of Multi-Factor Authentication (MFA), Certificates/Public Key Infrastructure (PKI), and Identity Management concepts
- Excellent command of written and spoken English (B2+ level)
- Hands-on experience architecting solutions on cloud platforms
- Familiarity with device authentication
- Experience leading security initiatives in large-scale enterprise environments