Privileged Access Management Engineer

Join Mizuho as Privileged Access Management Engineer!

Mizuho’s Identity and Access Management (IAM) team is undergoing an exciting transformation. We're building a dedicated high performing IAM function that is central to the firm's cybersecurity and regulatory strategy. Our environment is dynamic, growing, and rich with opportunity. You’ll work alongside a talented group of professionals who are passionate about solving complex access challenges, automating at scale, and strengthening security posture across both on-premises and cloud environments. This is a unique chance to join our team that's shaping the future of IAM at a major financial institution.

We are seeking a CyberArk Engineer to support the implementation, operation, and ongoing management of our Privileged Access Management (PAM) platform. The role is responsible for securing privileged and service accounts, ensuring compliance with security standards, and supporting enterprise users and applications.

This hands-on engineering role focuses on delivering secure and scalable solutions for managing privileged accounts used by servers, applications, services, APIs, and cloud workloads. The ideal candidate has deep expertise in CyberArk and related technologies.

This role is critical to strengthening the firm's identity security posture, enabling secure cloud adoption, and supporting compliance with regulatory and internal control requirements

Key Responsibilities:

Core CyberArk / PAM Engineering

• Design, implement, and maintain CyberArk Privileged Access Management (PAM) solutions to secure privileged, service, and application accounts across enterprise environments.
• Configure and manage CyberArk components including Digital Vault, PVWA, CPM, PSM, and connectors (Windows, Unix, Database, Cloud where applicable).
• Create and manage safes, platforms, access policies, and permissions in accordance with least‑privilege and security standards.
• Build automations to support the core PAM activities.

Privileged Account Onboarding & Lifecycle Management

• Lead onboarding of privileged and service accounts into CyberArk, including inventory validation, account vaulting, and enabling password rotation.
• Work closely with infrastructure and application teams to identify dependencies and ensure password changes do not disrupt services.
• Manage account lifecycle activities such as modifications, offboarding, and exception handling.

Password & Session Management

• Implement and monitor automated password rotation and reconciliation for managed accounts.
• Configure and support Privileged Session Management (PSM) for secure access and session recording.
• Troubleshoot password rotation failures, access issues, and CPM/PSM errors.

Operations, Monitoring & Support

• Provide L2/L3 operational support, including root‑cause analysis and coordination with vendors or internal teams.
• Maintain and update runbooks, SOPs, and operational documentation for CyberArk processes.

Compliance, Audit & Governance

• Support audit and regulatory requirements by generating CyberArk reports, access certifications, and compliance evidence.
• Participate in periodic privileged access recertifications and remediation of findings.
• Ensure CyberArk configurations align with IAM standards, internal policies, and regulatory frameworks (e.g., SOX, ISO, internal audits).

Integration & Automation

• Integrate CyberArk with IAM tools (e.g., SailPoint), Active Directory, ServiceNow and other enterprise applications.
• Support use of CyberArk REST APIs and Central Credential Provider (CCP) for application integrations and automation.
• Assist with automation and reconciliation processes related to privileged account discovery and onboarding.

Stakeholder Collaboration

• Act as a subject‑matter expert (SME) for CyberArk/PAM, advising application, infrastructure, and security teams.
• Coordinate with IAM Governance, Risk, Compliance, and Audit teams on PAM‑related initiatives.
• Participate in design and architecture discussions to identify gaps and drive scalable, automation-friendly improvements.

Nice to Have

• Experience with cloud PAM (AWS, Azure, GCP)
• Scripting (PowerShell, Python) for automation
• CyberArk certifications (CPC, CDE, Defender)

Required Qualifications

• 7+ years of experience in Identity & Access Management, cybersecurity engineering, or related infrastructure security roles, with a strong focus on Privileged Access Management.
• Demonstrated experience with CyberArk.
• Experience in enterprise environments (Windows, Unix, databases, service accounts).
• Familiarity with security controls and regulatory expectations related to identity, credential, and Privileged Access Management (e.g., SOX, NIST).
• Strong collaboration and communication skills, with the ability to work effectively across infrastructure, cloud, security, and DevOps teams.

The expected base salary ranges from $81,000 - $150,000. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, including Medical, Dental and 401K plans, successful candidates are also eligible to receive a discretionary bonus.

#LI-Hybrid

Other requirements

Mizuho has in place a hybrid working program, with varying opportunities for remote work depending on the nature of the role, needs of your department, as well as local laws and regulatory obligations. Roles in some of our departments have greater in-office requirements that will be communicated to you as part of the recruitment process.   

Company Overview

Mizuho Financial Group, Inc. is the 15th largest bank in the world as measured by total assets of ~$2 trillion. Mizuho's 60,000 employees worldwide offer comprehensive financial services to clients in 35 countries and 800 offices throughout the Americas, EMEA and Asia. Mizuho Americas is a leading provider of corporate and investment banking services to clients in the US, Canada, and Latin America. Through its acquisition of Greenhill​, Mizuho provides M&A, restructuring and private capital advisory capabilities across Americas, Europe and Asia. Mizuho Americas employs approximately 3,500 professionals, and its capabilities span corporate and investment banking, capital markets, equity and fixed income sales & trading, derivatives, FX, custody and research. Visit www.mizuhoamericas.com.​​

Mizuho Americas offers a competitive total rewards package.

We are an EEO/AA Employer - M/F/Disability/Veteran.

We participate in the E-Verify program.

We maintain a drug-free workplace and reserve the right to require pre- and post-hire drug testing as permitted by applicable law.

#LI-MIZUHO