Senior Identity and Access Management Engineer

Senior Identity and Access Management Engineer Department: Information Security Department Employment Type: Full Time Location: Kazakhstan Description We are looking for a Senior IAM/PAM Engineer with strong PAM expertise and hands-on experience working with vendor platforms, including SailPoint.

The role combines both engineering and analytical

responsibilities: building and enhancing connectors and scripts, designing and maintaining RBAC/ABAC models, automating JML processes, configuring access policies and certification campaigns, and driving IAM process maturity in line with Zero Trust principles. We expect a mature, autonomous senior professional who can independently own solutions, improve processes, and act as a trusted expert in collaboration with business stakeholders and vendors. Key

Responsibilities Design, deploy, and manage IAM/IGA/PAM solutions; Build and fine-tune system connectors using IAM/IGA/PAM solutions; Integrate identity data sources such as HR and ITSM systems; Manage and fine-tune identity lifecycle processes: Joiner, Mover, Leaver (JML); Automate access provisioning and deprovisioning across using APIs, SCIM, or middleware; Configure access reviews, certification campaigns, and policy enforcement; Collaborate with IT support, infrastructure, HR, and system owner teams to align IAM processes with security standards; Support Zero Trust implementation and develop robust RBAC/ABAC models; Investigate IAM-related incidents, ensure audit readiness (SOX, GDPR, ISO 27001, NIST); Maintain documentation for IAM architecture, processes, and controls. Skills, Knowledge and Expertise Must-Have: 4–6+ years of experience in IAM / PAM / Information Security; Proven hands-on experience with IAM/IGA solutions: Source configuration, policy setup, provisioning rules. Identity correlation, transformation rules, and workflows. Certification campaigns and access governance. Knowledge of Google Workspace, GCP IAM, AWS IAM and Jira cloud; Knowledge of IAM protocols: SAML, SCIM, OAuth 2.0, OpenID Connect; Hands-on experience with building global RBAC/ABAC access models and their maintenance; Working knowledge of Zero Trust, least privilege, and JIT provisioning principles; Proficiency in scripting or programming (e.g., Python, PowerShell, Java, REST APIs); Experience with Git and IAM process automation; English proficiency: Upper-Intermediate (B2) or higher.