We are looking for a Lead PBAC Engineer to drive the architecture, deployment, and operation of a secure application infrastructure that aligns with business needs. This position centers on defining the strategic direction for scalable and resilient security solutions that support enterprise-wide business initiatives.
Within this role, the Lead IAM Engineer will own PBAC (Policy-Based Access Control) capabilities end-to-end, such as centralized policy decisioning, distributed policy enforcement integration, attribute/context aggregation, and auditability to satisfy security and compliance expectations. The role also includes leading a team of engineers and shaping the long-term PBAC roadmap across the organization.
Responsibilities
- Operate as an autonomous technical leader, setting direction for the design and delivery of security solutions across multiple teams and initiatives
- Define and own security architectures and strategies to safeguard information system resources and assets at enterprise scale
- Drive the integration of technology that upholds Information Security policies and standards and meets firm business objectives
- Lead, mentor, and develop engineers and other associates in security best practices, fostering a culture of technical excellence
- Set the vision for security technology adoption by monitoring industry direction, trends, and emerging threats, and translating them into actionable roadmaps
- Define and execute the long-term strategy for supported security systems, aligning technical roadmaps with business priorities
- Architect and lead the implementation of PBAC platform components, including a central Policy Decision Point (PDP) with high availability, performance, and scale
- Establish enterprise-wide patterns for distributed Policy Enforcement Points (PEPs), integrating enforcement with API gateways, SSO platforms, and target applications
- Define the framework for attribute aggregation across identity, risk, device, transaction, location, and other enterprise data sources required for policy decisions
- Design audit and compliance pipelines by streaming PBAC decision logs to SIEM/compliance dashboards and supporting enterprise reporting needs
- Establish delegated administration workflows and governance models for policy control across business units, IT, risk, and compliance stakeholders
- Partner with senior leadership and key stakeholders to influence security strategy, secure funding, and align PBAC initiatives with broader organizational goals
Requirements
- 5+ years of experience with PBAC implementations, including platform onboarding, policy lifecycle management, and integration patterns for policy decisioning and enforcement (PDP/PEP model)
- 1+ years of experience leading PBAC programs from pilot applications through enterprise-wide adoption, including policy development and enforcement integration into applications and/or gateways
- Demonstrated experience leading technical teams, mentoring engineers, and driving architectural decisions across multiple stakeholders
- Proficiency in JavaScript, Java, or Python
- Strong expertise in Active Directory (AD) or other LDAP Directory Services, Intrusion Detection, and Security Policies / GPOs
- Deep understanding of Operating System (OS) hardening, Single Sign-on (SSO), and Federation (SAML and/or OIDC)
- Solid knowledge of Multi-Factor Authentication (MFA), Certificates/Public Key Infrastructure (PKI), and Identity Management concepts
- Excellent command of written and spoken English (B2+ level)
Nice to have
- Hands-on experience architecting solutions on cloud platforms
- Familiarity with device authentication
- Experience leading security initiatives in large-scale enterprise environments