Sr. Identity Access Management (IAM) Engineer
Hyundai Capital America

Description

Who We Are

Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 3 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.

We Take Care of Our People

Along with competitive pay, as an employee of HCA, you are eligible for:

• Medical, dental, and vision plans with no-cost and low-cost options

• Annual employer HSA contribution

• 401(k) matching and immediate vesting

• Vehicle purchase and lease discounts, plus monthly vehicle allowances by job level:

o Associate / Sr. Associate: $350

o Manager / Sr. Manager: $600

o Director: $800

o Executive Director: $900

o VP or Above: $1,000

• 100% employer-paid life and disability insurance

• No-cost health and wellbeing programs, including a gym benefit

• Six weeks of paid parental leave

• Paid Volunteer Time Off, plus a company donation to a charity of your choice

What to Expect

The Sr. Identity & Access Management (IAM) Engineer - CyberArk will serve as the technical lead for the organization's Privileged Access Management (PAM) and Identity platforms, with a primary focus on CyberArk Privilege Cloud. This role is hands-on and operationally focused, and is responsible for the design, configuration, security, and day-to-day management of CyberArk Privilege Cloud, including PSM and CPM infrastructure components. In addition, the role will provide technical leadership and architectural guidance across the broader IAM ecosystem, including SailPoint (IGA) and Ping Identity (authentication and federation)..

What You Will Do

1. Privileged Access Management - CyberArk

• Serve as the primary technical owner for CyberArk Privilege Cloud.

• Design, configure, and manage CyberArk PSM and CPM components, including connectors, platform onboarding, and vault integrations.

• Onboard, manage, and maintain privileged accounts across on prem and cloud environments.

• Implement and maintain session management, credential rotation, and least privilege controls.

• Troubleshoot and resolve complex CyberArk-related incidents and performance issues.

• Lead upgrades, configuration changes, and feature enablement within CyberArk Privilege Cloud.
2. MSP Direction and Operational Oversight

• Provide technical direction and day-to-day oversight of the MSP supporting CyberArk.

• Review MSP deliverables, configurations, and operational activities for quality, security, and compliance.

• Define runbooks, SOPs, and escalation procedures for PAM operations.

• Act as the escalation point for complex issues.
3. IAM Platform Engineering & Integration

• Provide hands-on engineering support and architectural guidance for SailPoint (identity governance) and Ping Identity (SSO, MFA, federation).

• Partner with infrastructure, application, and cloud teams to integrate IAM and PAM controls into enterprise platforms and business applications.

• Contribute to AWS IAM platform engineering and best practices

• Support lifecycle automation, access reviews, authentication flows, and entitlement management across IAM systems.

• Ensure consistent application of IAM standards, patterns, and security best practices.

• Create and maintain architecture diagrams, technical documentation, and operational runbooks.

• Collaborate with Security Operations, Infrastructure, Cloud, and Application teams to improve identity security posture.
4. Security, Risk, and Compliance Alignment

• Ensure PAM and IAM solutions align with regulatory and audit requirements (e.g., SOX, PCI, SOC 2, ISO 27001).

• Support audits by providing evidence, documentation, and technical explanations of IAM and PAM controls.

• Identify and remediate access-related risks, including orphaned accounts, excessive privileges, and policy gaps.

Qualifications

What You Will Bring

• Minimum 8 years of progressive experience in Identity & Access Management or cybersecurity engineering roles.

• Hands-on experience with CyberArk, including Privilege Cloud, PSM, and CPM.

• Experience working in regulated or security sensitive environments.

• Experience providing technical oversight or leadership for managed service providers (MSP/MSSP).

• Hands on experience supporting or integrating SailPoint and Ping Identity platforms preferred.

• Experience with AWS IAM capabilities and best practices preferred.

• Experience in financial services, with an understanding of financial threats (e.g., fraud, data breaches) and regulations (e.g., PCI DSS, Korean SOX, GDPR) preferred.

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, (or equivalent experience/degree).

• CyberArk certifications (e.g., Defender, Sentry) preferred.

• IAM or security certifications such as CISSP, CISM, or equivalent preferred.
Technical Skills:

• Deep expertise in Privileged Access Management (PAM) concepts and implementations.

• Strong working knowledge of CyberArk Privilege Cloud, PSM, CPM, and credential vaulting.

• Working knowledge of SailPoint IdentityIQ/IdentityNow and Ping Identity (PingFederate, PingAccess, PingOne).

• Understanding of authentication protocols (SAML, OIDC, OAuth, LDAP).

• Familiarity with cloud and hybrid environments, specifically AWS IAM capabilities and best practices.

• Experience with scripting or automation (PowerShell, Python) is a plus.

• Familiarity with automation and scripting (Python, PowerShell, Terraform) for bulk onboarding or interacting with Cyberark infrastructure.

• Proficiency in IAM frameworks and protocols (SAML, OIDC, OAuth 2.0, MFA, etc.)
Soft Skills:

• Strong problem-solving and troubleshooting skills.

• Excellent communication skills to articulate technical concepts to technical and non-technical stakeholders.

• Ability to provide clear technical direction to internal teams and external partners.

• Strategic thinker with the ability to align cybersecurity architectures with business and regulatory goals.

• Detail oriented with a strong focus on security, reliability, and operational excellence.

Work Environment

Employees in this class are subject to extended periods of sitting, standing, and walking, vision to monitor and moderate noise levels. Work is performed in an at home and office environment.

The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location, and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.

California Privacy Notice

This notice only applies to our applicants who reside in the State of California.

The latest version of our Privacy Policy can be found here . This Privacy Policy provides you with notice, at or before the point of collection, about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended as amended by the California Privacy Rights Act of 2020 ("CCPA").

If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at Privacy2@hcs.com .