Identity & PAM Security Engineer

About the role

This team is responsible for the security, stability, and scalability of the company's software systems and infrastructure. We monitor system performance, identify and mitigate risks, and ensure our platforms remain secure, resilient, and capable of supporting continued growth. As an Identity & PAM Security Engineer, you will be responsible for designing, implementing, and managing identity security controls across the enterprise. Your focus will include privileged access management, identity governance, service account security, and conditional access controls. Working closely with Security, Infrastructure, and Engineering teams, you will help ensure that access to critical systems and resources is secure, appropriately governed, and aligned with least-privilege principles. What you'll be doing Manage privileged access controls, including Privileged Identity Management (PIM), just-in-time (JIT) access, approval workflows, and privileged role assignments. Define and maintain administrative access processes for high-risk roles, privileged sessions, and break-glass accounts. Lead and support access review processes, track remediation activities, and ensure access rights remain aligned with least-privilege principles. Manage the lifecycle of service and machine accounts, including ownership, permissions, credential rotation, monitoring, and decommissioning. Configure, maintain, and monitor conditional access policies, multi-factor authentication (MFA), and identity risk controls. Design and implement automation for identity workflows, approvals, access validation, reporting, and remediation activities. Collaborate with Security, Infrastructure, and Engineering teams to strengthen identity security across cloud and enterprise environments. Support security audits, incident response activities, and identity-related investigations. Contribute to the ongoing improvement of identity governance, privileged access management, and security operations practices. What you'll bring 4+ years of experience in Identity and Access Management (IAM), Cloud Security, Infrastructure Security, or Security Engineering. Hands-on experience administering and securing Microsoft Entra ID and Google Cloud IAM environments. Strong understanding of identity security concepts including least privilege, role-based access control (RBAC), multi-factor authentication (MFA), conditional access, access governance, and privileged access management. Experience managing service accounts, machine identities, secrets, API keys, and credential rotation processes. Experience building automation using workflow management platforms, APIs, PowerShell, Python, or similar technologies. Strong analytical and problem-solving skills with a security-first mindset. Excellent documentation, communication, and stakeholder management skills. Ability to work effectively in a fast-paced, distributed environment. Even better if Experience implementing or operating Privileged Access Management (PAM) solutions at scale. Familiarity with Identity Governance and Administration (IGA) frameworks and best practices. Experience integrating identity security controls into cloud-native environments and automation pipelines. Exposure to security monitoring, SIEM platforms, or log analysis tools. Relevant certifications such as SC-300, AZ-500, CISSP, CCSP, or equivalent. Role specific tools Microsoft Entra ID Privileged Identity Management (PIM) Conditional Access Multi-Factor Authentication (MFA) Google Cloud IAM Service Account Management Workflow Management Platforms HashiCorp Vault Azure Key Vault Google Secret Manager PowerShell Python REST APIs SIEM and Log Analysis Tools What's in it for you Sporty is a remote-first company in pursuit of sustainability A competitive salary plus individual performance-based bonuses every quarter 28 days paid annual leave Core working hours of 10am-3pm in your local time zone, with flexibility outside of these hours Referral bonuses and flash bonuses Top-of-the-line equipment Annual company retreats that provide opportunities to connect and collaborate with colleagues from around the world If you're interested, we encourage you to apply. Every application is reviewed by a member of our team, and we aim to respond within 48 hours.