Senior Systems Engineer

**The**Opportunity**:Reporting to the Manager of IAM & Collaboration Services, the Systems Engineer (IAM) is responsible for configuring, maintaining and improving Avantor's enterprise Active Directory environment.The position will work across IT teams to deliver AD and IAM best practices for on-premise and cloud-based solutions for employees, contractors, vendors and guests.The Systems Engineer (IAM) will provide global support for core Active Directory services, AD Federation services, Identity & Access Management services and Active Directory management tools.The **Senior Identity Access Management (IAM) Engineer** will lead the implementation, administration, and optimization of IAM systems across enterprise environments.This role is essential for maintaining security, compliance, and operational efficiency in unregulated, government-regulated, and cloud-based environments.The Engineer will collaborate with cross-functional teams, provide expert guidance on IAM and PAM practices, and ensure secure management of identities, accounts, and privileged access.The Senior IAM Engineer will provide global 3rd level support and troubleshooting for Saviynt, CyberArk, Active Directory services, EntraID services, related AD management tools and cloud single sign-on integrations.**Key Responsibilities**Saviynt Identity Governance Administration (IGA)- Design, implement, and optimize Identity Governance Administration (IGA) workflows, access policies, and role-based access controls (RBAC).- Review orphaned accounts, excessive privileges, and policy violations.- Manages identity attributes, entitlements, and access rights.- Automates identity synchronization across cloud and on-premises systems.- Implements approval workflows to enforce security policies before granting access.- Enables access delegation and emergency access (Break Glass Accounts) when needed.- Uses Role Mining & Role Engineering to define least-privileged access.- Automates periodic access certifications for user accounts and entitlements.- Tracks all user access changes, requests, and approvals for auditability.- Generates detailed audit reports to meet compliance requirements.CyberArk Privileged Access Management- Design, deploy, and maintain CyberArk solutions, including Enterprise Password Vault (EPV), Privileged Session Manager (PSM), and Central Policy Manager (CPM).- Develop privileged access policies, procedures, and standards aligned with industry best practices and regulatory compliance (e.g., CMMC, PCI-DSS, HIPAA).- Monitor, audit, and optimize CyberArk configurations and policies to mitigate security risks.- Integrate CyberArk with identity providers (e.g., Active Directory, Azure AD, LDAP) and other IT infrastructure.- Automate PAM processes using scripting languages like PowerShell or Python.- Lead incident response activities for privileged access abuse or unauthorized access attempts.Identity and Access Management- Support and enhance IAM tools and services, focusing on secure user privileges, credential management, and access control.- Configure and optimize identity systems, including Active Directory, Azure AD, LDAP, PKI, and SSO/2FA solutions.- Lead IAM-related projects, including domain consolidations, decommissioning, and cloud migrations.- Develop processes for IAM governance, compliance, and reporting.- Define and implement workflows for user provisioning, deprovisioning, and role management.- Troubleshoot and resolve IAM and PAM-related issues.Collaboration and Leadership- Collaborate with IT, security, and compliance teams to design and implement IAM and PAM strategies.- Ensure alignment of IAM solutions with organizational security and compliance requirements.- Represent the IAM function during audits, assessments, and stakeholder discussions.**Qualifications**Education and Certifications- Bachelor's degree in Computer Science, Information Systems, or related field (or equivalent experience).- Active CyberArk Defender and Sentry certifications required are a plus.- Additional certifications (e.g., Microsoft, AWS, Azure, CISSP) are a plus.Experience- 10+ years of IT experience with a focus on IAM and security solutions.- 5+ years of experience with IAM Tools like Saviynt implementations and management.- Proven expertise in Active Directory, Azure AD, LDAP, PKI, SSO, and 2FA systems.- Hands-on experience with scripting (PowerShell, Python, Java or other) for automation and system integration.Skills and Abilities- Deep understanding of privileged access management principles, including least privilege enforcement and session monitoring.- Strong knowledge of Active Directory services, group policies, DNS, and certificate services.- Proficiency in integrating IAM tools with cloud environments (e.g., AWS, Azure).- Excellent troubleshooting, analytical thinking, and communication skills.- Ability to define and drive projects from concept to completion, ensuring align