Systems Engineer, Saviynt & CyberArk

A Day in Your Life at MKS

The Engineer / Product Manager will be responsible for ongoing operation of the Saviynt Identity Governance & Administration (IGA) platform and the corporate PAM solution as well as designing, expanding and implementing new requirements. This role includes leading technical initiatives and ensuring platform stability. As a technical expert, you will provide technical leadership and coordinate with support teams in delivering secure and efficient identity solutions across the organization.

The successful candidate will be a highly passionate, and self-driven individual who loves to learn, solve problems, and contribute to the team's advancement.

You Will Make an Impact By

• Platform Ownership
  • Serve as the subject matter expert (SME) for Saviynt IGA and CyberArk (PAM solution)
  • Oversee configuration, customization, and integration of Saviynt and CyberArk with enterprise systems.
  • Ensure platform scalability, performance, and compliance with security standards.
  • Own all cost related issues (run / maintain / operate)
  • Vendor and partner management for the given applications

• Technical  Leadership
  • Work closely with IT leadership on coordinating workload distribution and providing technical guidance.
  • Provide mentorship to a team of IDAM engineers, responsible for daily operations and enhancements.
  • Define best practices and enforce coding, configuration, and operational standards.

• Identity Lifecycle Management
  • Design and maintain workflows for user provisioning, de-provisioning, and access reviews.
  • Implement role-based access control (RBAC) and attribute-based access control (ABAC) models.

• Integration & Automation
  • Develop connectors and integrations between Saviynt/CyberArk and applications (on-prem and cloud).
  • Automate identity processes using APIs, scripts, and Saviynt/CyberArk capabilities.

• Security & Compliance
  • Ensure adherence to regulatory requirements (e.g., SOX, GDPR).
  • Conduct periodic access certifications and audits.
  • Implement controls for privileged access management.

• Incident & Problem Management
  • Troubleshoot and resolve platform issues.
  • Perform root cause analysis and implement preventive measures.

• Continuous Improvement
  • Stay updated on Saviynt and CyberArk product roadmap and IDAM industry trends.
  • Drive innovation and recommend enhancements to improve efficiency and security.
• Performing other security-related duties as requested

Skills You Bring:

• Strong hands-on experience with Saviynt IGA platform (configuration, workflows, connectors)
• Strong experience with PAM solution CyberArk
• Knowledge of directory services (Active Directory, LDAP), SSO, and federation protocols (SAML, OAuth, OIDC).
• Familiarity with APIs, REST, and scripting languages (PowerShell, Python).
• Proven ability to lead technical teams and manage complex projects.
• Strong problem-solving and analytical skills with minimal supervision and escalate issues as appropriate
• Excellent communication skills for collaboration with stakeholders and vendors.
• Working with an international team and stakeholders (USA, India, Germany, …)

Requirements

• 5+ years in IAM engineering roles, with at least 2 years focused on Saviynt.
• 2+ years in PAM solutions – focused on CyberArk
• Experience in large-scale enterprise environments.
• Demonstrated understanding of risk and compliance frameworks
• Excellent documentation, written and communication skills
• Must be a detail-oriented, well-organized, self-starter able to work in a dynamic environment with the ability to perform multiple tasks
• Highly motivated individual with the ability to self-start, prioritize, and multi-task

Preferred Requirements:

• Certification in Saviynt, CyberArk
• Scripting and/or programming skills in technologies, such as PowerShell, SQL, Python, and JSON
• Strong interpersonal and communication skills and the ability to collaborate and work effectively with a wide range of cross-functional teams, vendors, and time zones
• Experience with REST protocols
• Familiarity with standards for SSO technologies such as SAML2, OAuth2
• Must be a team player
• Demonstrated ability to learn new IT and security concepts and technologies quickly

Physical Demands and Working Conditions:

• Perform activities such as sitting, standing, or typing for extended periods of time
• Regularly requires good manual dexterity and coordination
• Must be able to communicate information and ideas so others will understand
• Must be able to exchange accurate information
• The ability to observe documents and details at close range (within a few feet of the observer)
• Operates in a professional office environment
• Constantly operates a computer and other office productivity machinery
• Noise level in the work environment is usually average

This position is onsite and must be within commutable distance to our location in Andover, MA. Relocation benefits are not available for this position.

We are interested in a qualified candidates eligible to work in the United States and will not be sponsoring work visas for this position, at this time. 

MKS is an equal opportunity employer, including disability, veteran status and all categories protected by law. Please review our EOE statements for additional details. MKS is generally only hiring candidates who reside in states where we are registered to do business.

Compensation and Benefits:

• Salary Pay Range: $ 71,000 - $118,000 per year. This range is a good faith estimate of the expected salary range for this position, based on a wide range of factors including qualifications, experience and training, operational and business needs and other considerations permitted by law. 

• Bonus: This position is eligible for a discretionary annual bonus, in an amount to be determined by MKS [or as applicable].

• Benefits: MKS offers a comprehensive benefits package, including health insurance coverage (medical, dental and vision), 401(k) with company match, life and disability insurance, 12 paid holidays, sick time, 15 paid vacation days, [6 weeks fully paid] parental leave, adoption assistance and tuition reimbursement [and for participation in any stock programs, signing bonus, etc.

#LI-MH1

Globally, our policy is to recruit individuals from wide and diverse backgrounds. However, certain positions require access to controlled goods and technologies subject to the International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR). Applicants for these positions may need to be “U.S. persons.” “U.S. persons” are generally defined as U.S. citizens, noncitizen nationals, lawful permanent residents (or, green card holders), individuals granted asylum, and individuals admitted as refugees.

MKS Inc. and its affiliates and subsidiaries (“MKS”) is an affirmative action and equal opportunity employer: diverse candidates are encouraged to apply. We win as a team and are committed to recruiting and hiring qualified applicants regardless of race, color, national origin, sex (including pregnancy and pregnancy-related conditions), religion, age, ancestry, physical or mental disability or handicap, marital status, membership in the uniformed services, veteran status, sexual orientation, gender identity or expression, genetic information, or any other category protected by applicable law. Hiring decisions are based on merit, qualifications and business needs. We conduct background checks and drug screens, in accordance with applicable law and company policies.  MKS is generally only hiring candidates who reside in states where we are registered to do business.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

MKS is committed to working with and providing reasonable accommodations to qualified individuals with disabilities. If you need a reasonable accommodation during the application or interview process due to a disability, please contact us at: accommodationsatMKS@mksinst.com .

If applying for a specific job, please include the requisition number (ex: RXXXX), the title and location of the role