Service Account Governance Engineer
Project description
Join our Development Centre in Bucharest and become a member of our open-minded, progressive and professional team. In this role you will be working for one of our world-famous clients. The Chief Security Office (CSO) of our client comprises the Chief Information Security Office (CISO) and the Corporate Security unit. The CISO organization guarantees information security for our client. On top of attractive salary and benefits package, Luxoft will invest into your professional training, and allow you to grow your professional career.
Responsibilities
- - Perform a comprehensive assessment of the existing service account landscape. - Identify critical challenges such as unmanaged accounts, excessive privileges, missing rotation, and lack of visibility. - Evaluate practices across on-prem, cloud, hybrid, and application environments. - Conduct risk assessments to prioritize remediation. - Own and evolve the enterprise service account governance framework. - Define naming conventions, ownership models, classification tiers, and approval workflows. - Ensure alignment with compliance standards (ISO 27001, SOC2, PCI DSS). - Design a future-proof service account management architecture. - Develop a multi-year roadmap to transition from current-state gaps to a mature model. - Architect integrations between IAM, PAM, CI/CD, cloud platforms, and secrets management. - Recommend technologies to improve automation and monitoring. - Enhance detection of anomalous service account behavior, lateral movement, and credential misuse. - Support investigations involving service accounts. - Implement guardrails to prevent unauthorized creation or misuse.
SKILLS
Must have
- - 10+ years in IAM, Security Engineering, or Privileged Access Governance. - Expertise in service account lifecycle management, PAM platforms, IAM systems, and directory services. - Strong automation skills (PowerShell, Python, REST APIs). - Experience conducting current-state assessments and designing target-state architectures. - Deep understanding of least privilege, credential hygiene, machine identity security, and secrets management.
Nice to have
- Experience with Zero Trust identity models. - Exposure to SOC/ATR environments. - Certifications such as CISSP, SC-300, SC-100, CyberArk, Azure Security, AWS Security.
