JSC Georgian Card is looking for an IAM Security Engineer to join our team.


As the IAM Security Engineer at JSC Georgian Card, you will build, configure, and maintain the identity and access management platforms that secure the organization’s systems. You will be responsible for engineering single sign-on, multi-factor authentication, and conditional access; designing RBAC roles; and automating joiner-mover-leaver lifecycle workflows. You will also integrate applications, run identity-governance campaigns, and support privileged access management. If you are an engineering-minded, analytical, and collaborative professional who can design and implement robust identity controls, this position is for you.


What you will do:

  • Configure and maintain SSO, MFA, and conditional access policies across the IAM platform;

  • Implement and operate Zero Trust Network Access (ZTNA) for application access, replacing legacy VPN;

  • Integrate applications with the IAM platform via SAML, OIDC/OAuth, and SCIM provisioning;

  • Design and maintain RBAC roles, entitlements, and birthright access aligned to least privilege;

  • Automate joiner-mover-leaver lifecycle workflows and provisioning across connected systems;

  • Build and run identity-governance access-certification campaigns and remediate exceptions;

  • Support privileged access management, including credential vaulting, session management, and just-in-time access;

  • Serve as the technical escalation point for Level 1 on IAM platform issues and access logic;

  • Investigate access-related incidents and implement corrective controls;

  • Translate PCI DSS access-control requirements into enforceable IAM controls and validate them;

  • Maintain technical documentation, including role models, integration designs, and runbooks;

  • Mentor Level 1 engineers on IAM tooling and processes.


What you have:

  • Bachelor’s degree in Computer Science, Information Security, IT, or a related field; equivalent practical experience also considered;

  • Minimum 3 years of experience in IAM, information security, or identity engineering;

  • Hands-on experience with at least one enterprise IAM/SSO platform (Microsoft Entra ID, Keycloak, Okta, Ping, or ForgeRock);

  • Practical experience configuring SSO, MFA, conditional access, and integrating applications via SAML, OIDC/OAuth, and SCIM;

  • Hands-on experience with Zero Trust Network Access (ZTNA) solutions (e.g., Zscaler Private Access, Microsoft Entra Private Access, Cloudflare Access);

  • Experience with directory services (Active Directory, Entra ID, LDAP), including group and role design;

  • Working knowledge of identity governance (IGA) tooling (e.g., SailPoint, Saviynt, or Entra ID Governance) and access certification;

  • Familiarity with privileged access management (e.g., CyberArk, BeyondTrust, or Delinea);

  • Scripting and automation proficiency in PowerShell, Python, or Graph/REST APIs;

  • Practical knowledge of PCI DSS Requirements 7 and 8, ISO/IEC 27001, and segregation-of-duties principles;

  • English proficiency sufficient for technical documentation, vendor communication, and reporting;

  • Engineering mindset, analytical and detail-oriented, clear communicator, self-directed with a collaborative attitude.

Preferred:

  • Professional certifications such as Microsoft SC-300, Okta Certified Administrator/Consultant, SailPoint IdentityNow, CISSP, or equivalent;

What we offer:

  • Interesting and challenging job;

  • Competitive base salary, learning and developing opportunities.

Interested? Please fill in the information, attach your CV and submit by clicking “apply for position now”. The deadline for submitting applications is 15 Jul, 2026

Apply for position now