Security Engineer (IAM/PAM)

About FuturWork

FuturWork is an European tech consulting ecosystem operating across Belgium and France. Our Cybersecurity practice helps enterprises build resilient, compliant, and operationally mature security postures. We work with clients in energy, finance, healthcare, and critical infrastructure.

We are an AI-first consulting firm. Our engineers are expected to leverage AI agents and automation to move faster, document smarter, and deliver more value  not just execute tickets.

Role Overview

As a Security Engineer specializing in IAM and PAM, you design and implement the identity architectures that keep our clients' most critical systems secure. You are the person who decides who gets in, under what conditions, and with what level of oversight.

This is a hands-on technical role.You will work embedded with client teams, deploying and configuring enterprise-grade IAM and PAM platforms, enforcing Zero Trust principles, and reducing the attack surface across hybrid and multi-cloud environments.

WHATYOU'LL DO

–   Design and implement IAM architectures: role-based access control (RBAC), attribute-based access control(ABAC), federated identity, SSO

–   Deploy and operate PAM solutions (CyberArk, BeyondTrust, Delinea) across on-premise and cloud environments

–   Enforce Zero Trust principles: least privilege, just-in-time access, continuous authentication

–   Integrate identity platforms with cloud providers (Azure AD / Entra ID, AWS IAM, GCP IAM)

–   Conduct access reviews, privilege audits, and identity hygiene assessments

–   Produce technical documentation, architecture diagrams, and operational runbooks

–   Collaborate with GRC consultants to align identity controls with NIS2, ISO 27001, and DORA requirements

–   Use AI-assisted tools to accelerate configuration, documentation, and anomaly detection

WHATWE'RE LOOKING FOR

–   3–6 years of experience in identity and access management, privileged access management, or security engineering

–   Hands-on experience with atl east one PAM platform (CyberArk, BeyondTrust, Delinea) and one IAM platform(Okta, Azure AD / Entra ID, SailPoint)

–   Solid understanding of ZeroTrust architecture and modern authentication protocols (SAML, OAuth2, OIDC)

–   Experience working in hybrid environments (on-premise + cloud)

–   French fluency required; professional English is a strong plus

–   Comfortable working client-facing — you can explain technical decisions to a security manager

–   AI-curious: you actively look for ways to automate repetitive engineering tasks

NICE TO HAVE

–   Certifications: CyberArk Certified Delivery Engineer, Microsoft SC-300, SailPoint Identity Now certification

–   Experience with IGA(Identity Governance & Administration) platforms

–   Exposure to cloud-native identity services and workload identity management

–   Scripting skills for automation: PowerShell, Python, or Terraform

CyberArk / BeyondTrust

Azure AD / Entra ID

Zero Trust

RBAC / ABAC

OAuth2 / SAML

‍

WHYFUTURWORK

–   Work on complex, real-worldidentity challenges — not proof-of-concepts

–   AI-augmented engineering:internal tooling to reduce toil and increase your delivery bandwidth

–   Access to FuturWork Academyfor continuous upskilling and certification support

–   Transparent salary modeland clear technical career path

–   Hybrid model from our Parisoffice

–   Be part of a growingcybersecurity practice with direct access to leadership

‍

He builds and operates the identity infrastructure. Concretely: he deploys CyberArk or BeyondTrust, configures who gets access to what, enforces least privilege and Zero Trust across hybrid environments. He integrates identity platforms with Azure AD, AWS IAM, and the like. He's deep technical — less client-facing than a GRC consultant, more in the systems. He also runs access reviews and privilege audits to make sure nothing drifts over time.