Identity and Access Management and Privileged Access Management Engineer

Benefits

Additional Information

About InvoiceCloud : InvoiceCloud is a fast-growing fintech leader recognized with 20 major awards in 2025, including USA TODAY and Boston Globe Top Workplaces, multiple SaaS Awards wins for Best Solution for Finance and FinTech, and national customer service honors from Stevie and the Business Intelligence Group. Judges also highlighted our mission to reduce digital exclusion and restore simplicity and dignity to how people pay for essential services, as well as our leadership in AI maturity and responsible innovation. It's an award-winning, purpose-driven environment where top talent thrives. To learn more, visit InvoiceCloud.com . IAM/PAM Engineer I Job Details: We are seeking a highly skilled and security-focused IAM/PAM Engineer to support the Cybersecurity and Enterprise Technology organizations. This role is responsible for safeguarding access to Invoice Cloud's systems, applications, and cloud environments by designing, implementing, and operating scalable Identity and Access Management (IAM) and Privileged Access Management (PAM) controls. This role builds and maintains the guardrails that ensure the right people and services have the right access to the right resources at the right time. The IAM/PAM Engineer partners closely with IT, Security, Compliance, Infrastructure/Cloud Operations, HR, and application owners to enforce least privilege, strengthen authentication controls, automate identity governance workflows, and produce audit-ready access evidence. Success in this role means reducing identity-related risk, improving access hygiene, strengthening zero-trust alignment, and enhancing both security and usability across workforce and administrative access environments. Success Profile: This role is anchored in our company's core competencies. These competencies reflect the mindsets and behaviors that define success in this role. We outline how each competency translates into real-world actions and outcomes specific to this role. Results Driven Leads Identity Architecture & Access Control Design by designing and administering identity management solutions across hybrid cloud environments, ensuring scalable, secure authentication and authorization patterns - with a primary focus on privileged and non-human identity. Partners with IT to strengthen SSO & Authentication Controls (MFA, conditional access, device posture checks), contributing security requirements and control recommendations that drive measurable improvements in coverage and reduced authentication risk. Leads Privileged Access Management (PAM) Controls including credential vaulting, just-in-time (JIT) access, least privilege enforcement, and privileged session monitoring to reduce standing administrative risk. Leads Non-Human Identity (NHI) Lifecycle & Hygiene - discovering, inventorying, and governing service accounts, secrets, API keys, and machine identities; driving rotation, ownership assignment, and decommissioning of stale credentials. Delivers documented 30-, 150-, and 210-day outcomes including improved MFA coverage, reduced privileged-account sprawl, automated de-provisioning, and audit-ready reporting demonstrating improved access hygiene. Takes Ownership Partners with IT on Identity Governance & Joiner/Mover/Leaver (JML) processes, ensuring security control requirements and audit expectations are embedded in provisioning and de-provisioning workflows. Conducts structured Entitlement Reviews & Access Drift Remediation, investigating anomalies, resolving privilege creep, and maintaining zero-trust and least-privilege standards across all identities. Partners with Security, Compliance, IT, and application owners to define access standards, role models, and evidence requirements that align to regulatory and audit expectations. Supports Identity-Related Incident Response by investigating suspicious logins, credential compromise, and privilege misuse events, integrating IAM/PAM telemetry into monitoring and response processes. Drives Efficiency Integrates IAM/PAM Telemetry & Monitoring with security tooling to improve visibility into authentication patterns, privileged activity, and anomalous access behaviors. Standardizes IAM/PAM documentation including runbooks, operational procedures, escalation paths, and control evidence to ensure repeatable, audit-ready operations. Automates provisioning, access reviews, and reporting workflows using scripting and APIs (e.g., PowerShell, Python, Graph APIs), reducing manual effort and improving timeliness of access management processes. Embeds zero-trust and least-privilege principles into architecture reviews and change-management routines, ensuring identity considerations are consistently incorporated into system design decisions. Innovative Applies forward-looking identity security practices to evolve zero-trust alignment, improve user experience, and reduce friction while maintaining strong control enforcement. Leverages AI and automation to enhance anomaly

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at invoicecloud? Share your experience