Senior Security Operations Engineer

Description:

As part of the GFL IT Operations team, you will be deeply involved in modernizing IAM/PAM frameworks, securing cloud-hosted platforms, and ensuring that legacy products maintain compliance with security best practices.

Key Responsibilities

• Lead IAM/PAM Initiatives – Design, implement, and maintain Privileged Access Management (PAM) solutions (CyberArk) and Identity Governance & Administration (IGA) platforms (Saviynt, SailPoint).

• Enhance Zero Trust Security – Implement Zero Trust principles for identity security, including least privilege access, role-based access control (RBAC), and multi-factor authentication (MFA).

• Conduct IAM/PAM Risk Assessments – Identify security risks in identity workflows, privileged access, and account provisioning, providing recommendations for remediation.

• IAM Policy & Compliance Enforcement – Ensure IAM/PAM security policies comply with NIST, PCI-DSS, HIPAA, SOC 2, and ISO 27001 frameworks.

• Automate Identity & Privilege Management – Develop automated access provisioning, deprovisioning, and access review workflows using IAM tools and DevOps pipelines (Terraform, Ansible, GitHub).

• Harden Cloud-Based IAM Security – Secure AWS IAM configurations, federated access (SAML, OAuth), secrets management, and identity federation across cloud environments.

• Collaborate with IT & DevOps – Work with cross-functional teams to integrate IAM/PAM security controls within network, cloud, and application environments.

• Monitor & Respond to Identity Security Incidents – Investigate IAM/PAM-related security incidents, perform root cause analysis, and ensure proper audit logging.

• Develop IAM/PAM Documentation & Training – Maintain security documentation, including IAM governance policies, role-based access models, and security control standards.

• Stay Updated on IAM/PAM Security Trends – Continuously research new identity security threats, access control trends, and best practices to strengthen GFL’s security posture.

The culture:
GFL is committed to providing everyone with the opportunity to thrive, this means.

• Our working arrangements can be flexible to accommodate your priorities

• We have a training budget so you can keep your continuous personal development up to date

• Volunteering options available to engage with the wider community

• A respectful and considerate workspace, working alongside colleagues from across the wider business

• Recognition for a job well done and not just the superhuman push at the end

Requirements

• Bachelor's degree in computer science, Information Security, or a related field, or equivalent work experience.

• At least 5 years of experience in network and cloud security, with a strong focus on Identity and Access Management (IAM) and Privileged Access Management (PAM).

• 3+ years of hands-on experience with IAM/PAM solutions, including Saviynt, SailPoint, and CyberArk.

• Familiarity with Infrastructure as a Service (IaaS), Infrastructure as Code (IaC), and related concepts on Amazon Web Services (AWS).

• Experience designing and managing IAM/PAM frameworks, including role-based access control (RBAC), attribute-based access control (ABAC), and Zero Trust security models.

• Hands-on experience with Saviynt and SailPoint for Identity Governance & Administration (IGA), access certification, provisioning workflows, and automated access reviews.

• Strong expertise in CyberArk PAM solutions, including Vault, PSM, CPM, EPM, and Privileged Session Management for securing privileged accounts.

• Knowledge of cloud-based IAM security controls, including AWS IAM, identity federation, SSO, MFA, secrets management, and policy-based access controls.

• Skilled experience in Cloud Security Architecture and Cloud IAM security best practices, including tenant security, container security, network segmentation, and WAF configurations.

• Hands-on experience with security tools and technologies, such as SIEM (Splunk, Dynatrace, Sentinel), WAFs (Cloudflare, AWS WAF), vulnerability scanners, and firewalls (Fortinet, Cisco).

• Familiarity with IT service management processes, including change management, incident management, problem management, and configuration management.

• Knowledge of compliance frameworks (NIST, PCI-DSS, HIPAA, SOC 2, ISO 27001) and their impact on IAM/PAM security strategies.

• In-depth understanding of IAM automation with Terraform, Ansible, and DevSecOps pipelines (Azure DevOps, GitHub) for policy enforcement and security automation.

• Strong analytical, problem-solving, and troubleshooting skills, with the ability to represent technical viewpoints to diverse audiences.