About Us:
EhsanLab is a leading software testing and cybersecurity company providing enterprise-grade solutions in quality assurance, penetration testing, identity security, and compliance. We serve startups, enterprises, and regulated industries that require secure, reliable, and scalable digital systems.
Our cybersecurity division is expanding, and we are hiring an experienced IAM/PAM – Identity Governance expert to join our security team.

About the Role

As an IAM/PAM Consultant – Identity Governance at EhsanLab, you will design, deploy, and manage identity security solutions supporting enterprise environments. This role focuses heavily on Identity Governance & Administration (IGA) while contributing to access lifecycle automation and privileged access security. You will work with IGA tools, PAM platforms, directory services, cloud identity, and integrations that support large-scale user environments.

Key Responsibilities:

  • Implement and maintain IGA solutions (SailPoint, Saviynt, One Identity, Omada).
  • Develop and optimize identity lifecycle workflows, access certifications, and governance policies.
  • Deploy, support, and maintain PAM platforms (CyberArk, BeyondTrust, Delinea, etc.).
  • Integrate IAM/PAM tools with HR systems, directories, and enterprise applications.
  • Conduct access reviews, role mining, and segregation-of-duties (SoD) analysis.
  • Implement SSO, MFA, RBAC, credential rotation, and identity federation.
  • Troubleshoot identity issues and provide operational support to internal and client teams.
  • Document configurations, policies, and operational procedures.
  • Collaborate with Security, Infrastructure, and Application teams to ensure robust identity architecture.

Required Qualifications:

  • 6+ years of hands-on experience in IAM/IGA/PAM engineering.
  • Practical experience with SailPoint, Saviynt, or similar IGA platforms.
  • Strong understanding of IAM fundamentals: SSO, MFA, RBAC, provisioning, directory services.
  • Experience deploying or managing PAM tools (CyberArk, BeyondTrust, etc.).
  • Knowledge of Active Directory, Azure AD, LDAP, SCIM, APIs, and automation scripting (Python/PowerShell).
  • Good understanding of security compliance frameworks (ISO 27001, NIST, Zero Trust principles).
  • Excellent problem-solving skills and ability to work independently.

 Nice to Have:

  • Experience in cloud IAM (AWS IAM, Azure IAM, GCP IAM).
  • Certifications such as CISSP, CISM, Security+, or vendor-specific IAM/PAM certs.
  • Background in Identity architecture or access risk management.

What We Offer:

  • Competitive salary linked to the USD exchange rate.
  • Opportunity to work with a global team on innovative projects.
  • Flexible remote work arrangements.
  • Continuous professional development and learning opportunities.

How to Apply:

Please submit your resume using the application form below.
If you’re passionate about identity security and governance, we’d love to meet you.

Deadline: Open until filled.

Job Category: Engineering
Job Type: Full-time
Job Location: Hybrid

Apply for this position

Maximum allowed file size is 16 MB. Allowed Type(s): .pdf