Senior Security Engineer, IAM

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home. As a member of our team, you’ll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways. Our "roll up your sleeves and get the job done" approach to work creates an environment where self‑starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission. It’s a colorful world – make your mark by joining the BIC team today. Job Description As Senior Security Engineer, Identity, you will: Collaborate and partner with global teams, cross‑functional teams and third parties to configure, test and deploy the IGA and PAM solutions, along with developing lifecycle events, connect HR systems and applications, identify and vault privileged accounts, and other engineering duties as assigned. Assist the implementation team with the build, test and deployment of SailPoint ISC to support hire‑to‑retire lifecycle events for provisioning/deprovisioning, birthright access, RBAC and access recertifications for connected systems, configure and maintain rules, workflows, certifications, roles, and provisioning policies. Assist the team with build, test and deployment of CyberArk, including design, configuration and enforcement of PAM policies and best practices to secure privileged credentials through vaulting, password rotation and session recording. Work with application teams and stakeholders to integrate business‑critical systems with SailPoint, assisting data normalization and cleanup, document requirements and design flows for lifecycle events. Conduct inventory assessments and environment scans to identify privileged accounts, engage with account owners to vault accounts, maintain compliance standards for rotating account passwords, troubleshoot connection issues and design solutions to expand the PAM program through maturity. Support the day‑to‑day operations of SailPoint and CyberArk, including monitoring system performance, troubleshooting issues, supporting patches and upgrades, building custom reports and dashboards, and working with stakeholders to troubleshoot, refine and improve existing lifecycle events or gather requirements for new lifecycle events to support business outcomes and expand PAM account inventory. Continue to execute on the Identity roadmap to mature both programs, engaging with business customers to solicit feedback and architect solutions to promote process efficiency while closing risks associated with inappropriate or inconsistent access. Typical Challenges IAM – Initial connectors to applications and associated data cleanup, troubleshooting and working with application SMEs to resolve failed tasks for provisioning or deprovisioning, care and cleaning of systems to ensure aggregations are working as designed and lifecycle events are processing. Gathering requirements for new systems to be connected and incorporating them with existing lifecycle events. Change management to ensure application and requestors understand the role the IGA system plays in the hire‑to‑retire process as well as collaborating with HR to support their Success Factors roadmap. Working with the ServiceNow team to design and update forms as needed to support request/approval/fulfillment processes. PAM – Initial application implementation and associated data cleanup; defining and identifying accounts and users, getting their accounts under CyberArk’s control with rotation and checkout processes. Qualifications Minimum 4 years of direct experience with SailPoint (preferably ISC), including LCE configurations as well as working with various application definition types, user access review campaign configuration, RBAC and birthright provisioning flows. Extensive knowledge of identity best practices, familiarity with HCM systems (Success Factors/Workday) and ServiceNow. Experience with PAM solutions (preferably CyberArk) is a plus, understanding of privileged account lifecycle and least‑privilege enforcement. Experience with Powershell scripting. Self‑starter, innovation mindset. Customer service mindset. Ability to influence and cooperate with a non‑technical audience. Agility is a must. Fluent (C1 level) English is required; You will be part of a global team. Please send your resume in English. BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need. BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means. #J-18808-Ljbffr