Systems Engineer - Senior

Arch Global Services (Philippines) Inc. is a proud member of the Arch Capital Group LLC (www.archgroup.com), a globally recognized leader in insurance, reinsurance, and mortgage insurance solutions.

Established as the Group’s Global Service Operations (GSO) hub in the Philippines, Arch Global Services delivers critical support to Arch Capital’s worldwide network. We provide high-quality, high-impact business services across key areas such as Finance, IT, Risk, Actuarial, Operations, Project Management, Data & Analytics, and Shared Services.

At Arch, we believe in empowering our people with meaningful work, continuous learning, and a collaborative culture that values innovation, agility, and integrity. Our dynamic Manila and Cebu-based teams play a vital role in driving operational excellence and digital transformation for the Arch enterprise.

Joining Arch Global Services means being part of a fast-growing, high-performing organization that offers global exposure, professional development, and a strong commitment to work-life balance. If you’re looking to grow your career in a company that values talent, purpose, and potential — we invite you to build your future with us.

Be part of something bigger. Be part of Arch. Where the people is our biggest asset!

The Senior Systems Engineer is primarily responsible for the administration and operation of the firm’s enterprise identity and privileged access platforms, with primary focus on Microsoft Entra ID infrastructure, identity governance, and CyberArk privileged access management. This role requires in-depth knowledge of Entra ID (Azure AD), Active Directory, Conditional Access, Privileged Identity Management (PIM), and CyberArk, along with strong proficiency in PowerShell automation. A solid understanding of hybrid identity (Entra Connect), identity protocols, and secure access controls is essential.

The ideal candidate is a hands-on engineer with strong troubleshooting capabilities, a self-starter mindset, and demonstrated experience delivering identity and access initiatives from design through implementation in a global enterprise environment.

Job Responsibilities:

· Identity & Access Management

o Manage identity lifecycle processes (joiner/mover/leaver)

o Implement Conditional Access, MFA, and risk-based controls

o Maintain role-based access models

o Administer enterprise applications and SSO integrations

· Active Directory

o Plan and Deploy AD Sites and Services, Promote/Demote Domain Controllers

o AD user migration using ADMT and Quest

o Support Multiple AD forests and trust between them

o Automate AD health checks, Identity Lifecyle management, etc.

o Setup and review AD health assessments to remediate any vulnerabilities

· Privileged Access (CyberArk)

o Operate CyberArk PAM platform

o Manage privileged account onboarding and credential rotation

o Implement just-in-time access

o Align CyberArk with Entra PIM

· Secure Cloud Administration

o Manage Microsoft Entra ID

o Protect administrative roles and tenant configurations

o Support secure application onboarding

· Identity Integration & Transformation

o Support hybrid identity (Entra Connect)

o Assist with M&A integrations

o Drive cloud-native identity adoption

· Automation & Operations

o Automate tasks using PowerShell

o Improve monitoring and reporting

o Support identity incident escalation

· Serve as an escalation point and provide guidance and direction for the resolution of escalated issues and/or complex production, application or system problems

· Must be able to accommodate schedule flexibility to deal with escalations and occasional changes during non-core business hours

Required Skills/Experience

· 5+ years in identity or security engineering

· Experience with Entra ID, Conditional Access, MFA

· Experience with CyberArk or similar PAM tools

· Knowledge of identity protocols (SAML, OAuth, OIDC)

· Knowledge of Kerberos, LDAP, Active Directory, ADFS, DNS, DHCP.

· Very good knowledge of Azure AD, Conditional Access, MFA, O365 licensing etc.

· Expert knowledge of Windows servers, Active Directory, ADFS, GPOs in a Windows Server 2012 R2 and 2016 environment

Desired Skills/Experience

· Ability to effectively plan, facilitate, and participate in meetings with employees from all organizational levels

· Effectively use teamwork to contribute to a high morale/high-performance team culture, leading by example

· Demonstrate the ability to work in an open way, willingness to share knowledge and resources and to educate others within a global team

· Effective team player and collaborator

· Strong skills in prioritization and reprioritization to react to a dynamic environment as Arch continues to evolve

· Excellent interpersonal and communication skills, including strong listening skills

· Ability to effectively communicate business and technical information to audiences with varying backgrounds

· Ability to communicate with offshore teams and technical development teams

· Good documentation and presentation skills

· Ability to interact with management in a professional manner

• 4-year college degree in Information Technology or similar field

• Technical degree or certifications preferred but not required

• Industry specific training or designation a plus