Senior Security Operations Engineer

The Senior Security Operations Engineer will be responsible for overseeing
Identity and Access Management (IAM) and Privileged Access Management (PAM) security operations within GFL. This role involves working daily with our IAM/PAM tools and platforms, ensuring secure access control, privilege management, and identity governance. The senior engineer will provide
technical leadership to junior team members and deliver security reporting
to management.
As part of the GFL IT Operations team, you will be deeply involved in modernizing IAM/PAM frameworks, securing cloud-hosted platforms, and ensuring that legacy products maintain compliance with security best practices.

 

Key Responsibilities

• Lead IAM/PAM Initiatives – Design, implement, and maintain Privileged Access Management (PAM) solutions (CyberArk) and Identity Governance & Administration (IGA) platforms (Saviynt, SailPoint).

• Enhance Zero Trust Security – Implement Zero Trust principles for identity security, including least privilege access, role-based access control (RBAC), and multi-factor authentication (MFA).

• Conduct IAM/PAM Risk Assessments – Identify security risks in identity workflows, privileged access, and account provisioning, providing recommendations for remediation.

• IAM Policy & Compliance Enforcement – Ensure IAM/PAM security policies comply with NIST, PCI-DSS, HIPAA, SOC 2, and ISO 27001 frameworks.

• Automate Identity & Privilege Management – Develop automated access provisioning, deprovisioning, and access review workflows using IAM tools and DevOps pipelines (Terraform, Ansible, GitHub).

• Harden Cloud-Based IAM Security – Secure AWS IAM configurations, federated access (SAML, OAuth), secrets management, and identity federation across cloud environments.

• Collaborate with IT & DevOps – Work with cross-functional teams to integrate IAM/PAM security controls within network, cloud, and application environments.

• Monitor & Respond to Identity Security Incidents – Investigate IAM/PAM-related security incidents, perform root cause analysis, and ensure proper audit logging.

• Develop IAM/PAM Documentation & Training – Maintain security documentation, including IAM governance policies, role-based access models, and security control standards.

• Stay Updated on IAM/PAM Security Trends – Continuously research new identity security threats, access control trends, and best practices to strengthen GFL’s security posture.

The culture:
GFL is committed to providing everyone with the opportunity to thrive, this means.

• Our working arrangements can be flexible to accommodate your priorities

• We have a training budget so you can keep your continuous personal development up to date

• Volunteering options available to engage with the wider community

• A respectful and considerate workspace, working alongside colleagues from across the wider business

• Recognition for a job well done and not just the superhuman push at the end

Requirements

• Bachelor's degree in computer science, Information Security, or a related field, or equivalent work experience.

• At least 5 years of experience in network and cloud security, with a strong focus on Identity and Access Management (IAM) and Privileged Access Management (PAM).

• 3+ years of hands-on experience with IAM/PAM solutions, including Saviynt, SailPoint, and CyberArk.

• Familiarity with Infrastructure as a Service (IaaS), Infrastructure as Code (IaC), and related concepts on Amazon Web Services (AWS).

• Experience designing and managing IAM/PAM frameworks, including role-based access control (RBAC), attribute-based access control (ABAC), and Zero Trust security models.

• Hands-on experience with Saviynt and SailPoint for Identity Governance & Administration (IGA), access certification, provisioning workflows, and automated access reviews.

• Strong expertise in CyberArk PAM solutions, including Vault, PSM, CPM, EPM, and Privileged Session Management for securing privileged accounts.

• Knowledge of cloud-based IAM security controls, including AWS IAM, identity federation, SSO, MFA, secrets management, and policy-based access controls.

• Skilled experience in Cloud Security Architecture and Cloud IAM security best practices, including tenant security, container security, network segmentation, and WAF configurations.

• Hands-on experience with security tools and technologies, such as SIEM (Splunk, Dynatrace, Sentinel), WAFs (Cloudflare, AWS WAF), vulnerability scanners, and firewalls (Fortinet, Cisco).

• Familiarity with IT service management processes, including change management, incident management, problem management, and configuration management.

• Knowledge of compliance frameworks (NIST, PCI-DSS, HIPAA, SOC 2, ISO 27001) and their impact on IAM/PAM security strategies.

• In-depth understanding of IAM automation with Terraform, Ansible, and DevSecOps pipelines (Azure DevOps, GitHub) for policy enforcement and security automation.

• Strong analytical, problem-solving, and troubleshooting skills, with the ability to represent technical viewpoints to diverse audiences.

 

We thank you for your interest. Only those selected for an interview will be contacted.

GFL is committed to equal opportunity for all, without regard to race, religion, color, national origin, citizenship, sex, sexual orientation, gender identity, age, veteran status, disability, genetic information, or any other protected characteristic. If you are interested in applying for employment and need special assistance or an accommodation to apply for a posted position, please contact myworkdayrecruitment@gflenv.com