At a Glance
- Tasks: Lead the design and implementation of CyberArk solutions for secure access management.
- Company: Join Tokio Marine HCC, a top specialty insurer with a global presence.
- Benefits: Enjoy a competitive salary, hybrid work, and opportunities for professional growth.
- Other info: Dynamic team environment with excellent career advancement opportunities.
- Why this job: Make a real impact in cybersecurity while working with cutting-edge technologies.
- Qualifications: Expertise in CyberArk, Azure Entra ID, and strong PowerShell skills required.
The predicted salary is between £60,000 - £80,000 per year.
Reporting to: Manager, Identity and Access Management
Position Type: Permanent, 35 hours per week, Hybrid
Why Tokio Marine HCC? Standing still is not an option in the current world of Insurance. TMHCC are one of the world’s leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, and so is a desire to grow and provide creative and innovative solutions to our clients.
Job Purpose: The Infrastructure Collaboration Engineering team is seeking a highly experienced Senior Identity & Privileged Access Management (PAM) Engineer with expertise in enterprise Identity and Access Management, with primary specialization in CyberArk. This role will serve as the technical lead and subject matter expert for Privileged Access Management (PAM), responsible for designing, architecting, implementing, operating, and maintaining CyberArk solutions integrated across Entra ID, Active Directory, and Okta environments. The ideal candidate will possess deep end-to-end identity expertise while maintaining advanced hands‑on skills in CyberArk PAS, Privilege Cloud, EPM, Secrets Manager, and identity governance integration patterns.
Key Responsibilities:
- Proven expert knowledge of CyberArk Privileged Access Security (PAS) and/or Privilege Cloud architecture, deployment, and administration
- Design, implement, and maintain CyberArk Vault, CPM (Central Policy Manager), PSM (Privileged Session Manager), and PTA (Privileged Threat Analytics)
- Manage safes, platforms, account onboarding, credential rotation policies, and access controls
- Implement Just-in-Time (JIT) privileged access models integrated with Entra PIM and AD tiering
- Secure and rotate domain admin, enterprise admin, service accounts, application accounts, SSH keys, and cloud credentials
- Integrate CyberArk with Entra ID, Active Directory, and Okta for authentication and authorization workflows
- Deploy and manage CyberArk Endpoint Privilege Manager (EPM) for least privilege enforcement
- Implement CyberArk Secrets Manager / Conjur for DevOps and Kubernetes environments
- Develop automation using REST APIs, PowerShell, and CyberArk tools
- Design CyberArk disaster recovery and vault backup strategies
- Integrate CyberArk logs with SIEM platforms and support audit/compliance requirements
- Maintain alignment with Zero Trust security architecture principles
- Stay current on CyberArk roadmap, new features, and evolving PAM security threats
Entra:
- Proven expert knowledge of Azure Entra ID capabilities such as Conditional Access Policies, Privileged Identity Management and Application Registrations, integrated with CyberArk privileged access controls
- Strong understanding of PIM and the assignment of roles / IAM permissions on Management Groups, Subscriptions and Resources, aligned with Just-in-Time access principles
- Azure Infrastructure Management to include user accounts, groups, conditional policies, Intune management, mobile device management, and endpoint security
- Strong understanding of App registrations, Enterprise Apps, SPNs and managed identities, with an understanding of least-privilege administration when allocating MS Graph API permissions and of secure credential storage in CyberArk
- Strong understanding of multifactor authentication, SSPR and WHfB, ensuring secure privileged authentication workflows
- Strong PowerShell scripting, automation, and scheduling skills when working with data in Azure and integrating with CyberArk APIs
- Good understanding of Intune policy management and Autopilot
- An individual who stays abreast of the latest Entra ID features, best practices, and security trends, and makes recommendations for continuous improvement
Active Directory:
- Strong background in Active Directory covering domains that span geo locations with numerous DCs and a user base of 5000+
- Strong understanding of DNS and GPOs, user object and OU administration
- Solid understanding of Microsoft Tiering, IAM, and PAM concepts with CyberArk vaulting integration for Tier 0 accounts
- Strong knowledge of server operating systems from Windows 2016 to Windows 2025
- Strong understanding of the FSMO roles when it comes to maintaining the security and the integrity of the domain
- Strong understanding of the delegation of permissions across the domain OU structure aligned with least privilege principles
- Strong PowerShell scripting skills, automation, and scheduling skills including AD account onboarding into CyberArk
- Solid understanding of the recovery steps needed to recover a domain in the event of a disaster
Okta:
- Able to demonstrate a strong understanding of IAM concepts, including identity federation, SSO, SAML, OAuth, OIDC, MFA, role-based access control (RBAC), and least privilege principles, integrated with CyberArk privileged authentication workflows
- Able to provide Okta subject matter expertise to a variety of program stakeholders on application integration, IAM functionality, and Okta’s feature roadmap
- Capable of designing and implementing Okta platform configurations to align with overall solution architecture and customer requirements while integrating CyberArk for privileged user authentication
- Willing to collaborate with Solution Architects, other solution component SMEs and stakeholders to develop and refine solution requirements, ensuring secure and efficient access for on‑premises and cloud‑based applications and resources
- Able to drive and support customer application integrations into Okta-based IAM solutions and align privileged access controls through CyberArk
- Troubleshoot and resolve technical issues before, during and after application integration
Skills and Experience Specification:
- Competencies Planning: Follow work plans, established timelines, and predefined goals for assigned work. Meet commitments on deadlines.
- Communication: Communicate activities, results, and observations with employees and management as appropriate.
- Cost Management: Identify areas for improvement in existing business practices. Perform work thoroughly in a cost-efficient manner and at a high productivity level.
- Business Controls and Policies: Comply with all corporate policies and procedures. Report any breakdowns in controls to management. Conduct all activities in a safe manner.
- People Management: No people management responsibility.
- Other: Excellent troubleshooting, architectural, and documentation skills. Knowledge and experience with Rubrik advantageous. Microsoft, Azure or Okta certifications are highly beneficial.
Tokio Marine HCC is a leading specialty insurance group with offices in the United States, the United Kingdom, Europe, and other locations. With the strength and stability that comes from being a member of the Tokio Marine group, and more than forty years of growth, profitability, and stability, we offer important insurance products that most people do not even know exist. The Tokio Marine HCC Group of companies is an equal opportunity employer.
Identity Systems Engineer (CyberArk) employer: Dormont Manufacturing Co
At Tokio Marine HCC, we pride ourselves on being a forward-thinking employer that values innovation and employee empowerment. Our hybrid work culture fosters collaboration while providing flexibility, and we are committed to the professional growth of our team members through continuous learning opportunities and a supportive environment. Join us in a role where your expertise in CyberArk will not only be recognised but also contribute to our mission of delivering exceptional insurance solutions globally.
StudySmarter Expert Advice🤫
We think this is how you could land Identity Systems Engineer (CyberArk)
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Dormont Manufacturing Co, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Dormont Manufacturing Co
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Dormont Manufacturing Co. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
Some tips for your application 🫡
Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Dormont Manufacturing Co insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Dormont Manufacturing Co that you’re committed to staying ahead in the game.
How to prepare for a job interview at Dormont Manufacturing Co
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Dormont Manufacturing Co to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Dormont Manufacturing Co.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.