AI-Augmented IAM Security Engineer

Security

Piotra Skargi 1 and Traugutta 45, Wroclaw

EPAM Systems

Full-time
Any
Mid
Remote

Job description

We are seeking an AI-Augmented IAM Security Engineer to handle the hands-on implementation, configuration, automation and day-to-day operation of enterprise Identity and Access Management. This is a delivery-and-operations role that works within the designs, standards, role models and policies set by IAM architects and security leadership. The focus is building, configuring, scripting, running and troubleshooting IAM, not defining target-state architecture, role models or governance policy.

Responsibilities

  • Implement, configure and operate IAM solutions and controls based on architecture, standards and designs defined by IAM architects and security leadership
  • Maintain identity lifecycle (Joiner / Mover / Leaver) processes, including automated provisioning and deprovisioning across target systems
  • Configure core IAM capabilities, including SSO, federation, MFA and passwordless authentication, conditional access, RBAC/ABAC role models and least-privilege access
  • Develop and deploy IAM integrations and connectors with cloud platforms, SaaS applications, enterprise systems, directories, authoritative source systems, databases and APIs
  • Execute access certification and review campaigns, perform entitlement clean-up and configure segregation-of-duties (SoD) rules according to access policies defined by architects and the business
  • Operate Privileged Access Management controls, including credential vaulting, secrets rotation, session management and just-in-time and just-enough access
  • Develop automation scripts, workflows and IAM tooling using PowerShell, Python, REST APIs, SCIM, Terraform or similar technologies
  • Monitor IAM platform health, troubleshoot and resolve incidents and access issues, and perform patching, upgrades and configuration hardening
  • Maintain IAM logging, alerting and monitoring, and run backup and recovery procedures according to defined runbooks and resilience requirements
  • Deploy AI-assisted automations and agentic workflows that reduce manual effort across daily IAM operations, such as access request triage, entitlement analysis, anomaly detection, root-cause analysis, privileged access review support, compliance evidence collection and documentation generation
  • Integrate AI agents and LLM-backed automations into IAM systems and operational pipelines, connecting models to internal tools, APIs, directories, ticketing and IAM platforms via function calling, SCIM, REST and webhooks
  • Develop and maintain reusable prompts, structured-prompting patterns and prompt templates, and implement retrieval over IAM policies, role catalogs, runbooks and documentation (for example RAG) so AI assistants answer from current authoritative internal sources
  • Implement output verification, human-in-the-loop approval gates and rollback paths in AI-assisted IAM workflows, so no AI-driven change reaches production access without review
  • Implement security and privacy controls for IAM AI usage, including least-privilege access for agents, secrets and credential handling, prompt-injection resistance, redaction of sensitive identity data and full auditability of AI-driven actions
  • Monitor AI-assisted IAM automations in production, measure their accuracy and impact, continuously tune prompts, tools and workflows, and produce operational documentation, runbooks and standard operating procedures while supporting audits and compliance evidence requests

Requirements

  • Bachelor's degree in Computer Science, Cybersecurity, Engineering or equivalent practical experience
  • 2+ years of hands-on experience implementing or operating Identity and Access Management solutions
  • Experience with at least one enterprise IAM, IGA, PAM or federation platform
  • Understanding of IAM concepts, including identity lifecycle, authentication and authorization, SSO, federation, MFA, RBAC/ABAC, least privilege and privileged access
  • Knowledge of common IAM protocols and standards such as SAML, OAuth 2.0 and OpenID Connect, alongside SCIM, LDAP and Kerberos
  • Experience configuring IAM controls, policies, connectors and access governance workflows
  • Working knowledge of cloud IAM concepts across at least one major cloud platform such as Azure, AWS or GCP
  • Scripting and automation experience using at least one of PowerShell, Python, Bash, REST APIs, SCIM or Terraform
  • Capability to work closely with developers, architects, infrastructure engineers, security operations, compliance teams and business stakeholders
  • Competency to follow, maintain and improve defined IAM and security processes, executing changes from tickets, runbooks and designs while escalating design-level questions
  • Practical understanding of AI-assisted productivity and automation beyond basic chatbot usage, including building AI agents, automating repetitive IAM tasks, integrating LLMs with tools and documents, prompt engineering and using AI tools securely with awareness of sensitive identity data
  • Good communication skills and the ability to explain IAM issues, technical decisions and remediation steps to both technical and non-technical stakeholders

Nice to have

  • Familiarity with IAM platforms such as Microsoft Entra ID, Active Directory and Okta, alongside Ping Identity, ForgeRock, Auth0, SailPoint, Saviynt or CyberArk
  • Experience with CIAM, B2B/B2C identity, customer identity, external identity or partner access scenarios, plus SIEM/SOAR integrations for IAM monitoring, alerting and automated response
  • Experience with CI/CD-based IAM deployment, configuration-as-code and automated testing of IAM changes
  • Familiarity with AI/LLM platforms or frameworks such as Azure OpenAI, Amazon Bedrock and Microsoft Copilot Studio, alongside LangChain, AutoGen or Power Automate
  • Understanding of AI security risks, including data leakage, prompt injection, excessive agency, insecure tool use, model governance and sensitive identity data exposure
  • SC-300, Okta Certified Professional / Administrator / Consultant, SailPoint, Saviynt, CyberArk or Ping Identity certifications, CISSP, CISM, CISA, CCSK, CCSP, SSCP, AI-900 or AWS Certified AI Practitioner

We offer

  • We gather like-minded people:
    • Engineering community of industry professionals
    • Friendly team and enjoyable working environment
    • Flexible schedule and opportunity to work remotely within Poland
    • Chance to work abroad for up to 60 days annually
    • Business-driven relocation opportunities
  • We provide growth opportunities:
    • Outstanding career roadmap
    • Leadership development, career advising, soft skills, and well-being programs
    • Certification (GCP, Azure, AWS)
    • Unlimited access to LinkedIn Learning, Get Abstract, Cloud Guru
    • English classes
  • We cover it all:
    • Stable income (Employment Contract or B2B)
    • Participation in the Employee Stock Purchase Plan
    • Benefits package (health insurance, multisport, shopping vouchers)
    • Strategically located offices featuring entertainment and relaxation zones, table tennis and football, free snacks, fantastic coffee, and more
    • Referral bonuses
    • Corporate, social and well-being events
  • Please note:
    • The set of bonuses might vary based on the role you apply for – specifics will be discussed with our recruiter during the general interview.
    • We will reach out to selected candidates exclusively.

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.

Tech stack

  • English: B2
  • Identity and Access Management (IAM): master
  • OAuth 2.0: advanced
  • SAML: advanced
  • OpenID Connect: advanced
  • Privileged Access Management (PAM): advanced
  • SCIM: regular
  • PowerShell: regular

8 days left (until 30.06.2026)