Senior PBAC Engineer

We are seeking a Senior PBAC Engineer to help architect, deploy, and operate a secure application infrastructure that aligns with business needs. This role focuses on developing scalable and resilient security solutions to support business initiatives.
In this role, the Senior IAM Engineer will focus on PBAC (Policy-Based Access Control) capabilities, including centralized policy decisioning, distributed policy enforcement integration, attribute/context aggregation, and auditability to meet security and compliance expectations.
Responsibilities
Operate as a self-driven contributor with minimal daily oversight, designing and building security solutions
Design and implement security architectures and strategies to safeguard information system resources and assets
Ensure integration of technology that upholds the Information Security policies and standards, as well as meets firm business objectives
Mentor fellow team members and other associates in security best practices
Maintain awareness of security technology direction, trends, and related issues
Develop long-term strategy for supported security systems
Architect and implement PBAC platform components, including a central Policy Decision Point (PDP) with high availability, performance, and scale
Enable distributed Policy Enforcement Points (PEPs) by integrating enforcement with API gateways, SSO platforms, and target applications as needed
Coordinate attribute aggregation across identity, risk, device, transaction, location, and other enterprise data sources required for policy decisions
Implement audit and compliance pipelines by streaming PBAC decision logs to SIEM/compliance dashboards and supporting reporting needs
Support delegated administration workflows and governance models for policy control across business units, IT, risk, and compliance stakeholders
Requirements
3+ years of experience with PBAC implementations, including platform onboarding, policy lifecycle management, and integration patterns for policy decisioning and enforcement (PDP/PEP model)
Background in implementing PBAC across pilot applications and scaling to broader adoption, including policy development and enforcement integration into applications and/or gateways
Proficiency in JavaScript, Java, or Python
Familiarity with Active Directory (AD) or other LDAP Directory Services, Intrusion Detection, and Security Policies / GPOs
Understanding of Operating System (OS) hardening, Single Sign-on (SSO), and Federation (SAML and/or OIDC)
Knowledge of Multi-Factor Authentication (MFA), Certificates/Public Key Infrastructure (PKI), and Identity Management concepts
Proficient communication skills in English (B2 level or higher)
Nice to have
Experience working with cloud platforms
Familiarity with device authentication