Senior PBAC Engineer

The Senior PBAC Engineer is responsible for architecting, deploying, and operating secure application infrastructure that aligns with business needs. This role focuses on developing scalable and resilient security solutions to support business initiatives.

Req# 1025895901

Responsibilities

• Design and build security solutions with minimal daily oversight
• Develop and implement security architectures and strategies to safeguard information systems and assets
• Ensure technology integration complies with Information Security policies, standards, and business objectives
• Mentor team members and associates in security best practices
• Stay current with security technology trends and related issues
• Develop long-term strategies for supported security systems
• Design and implement PBAC platform components, including a central Policy Decision Point (PDP) with high availability, performance, and scalability
• Integrate distributed Policy Enforcement Points (PEPs) with API gateways, SSO platforms, and target applications
• Coordinate attribute aggregation across identity, risk, device, transaction, location, and other enterprise data sources for policy decisions
• Implement audit and compliance pipelines by streaming PBAC decision logs to SIEM/compliance dashboards and supporting reporting needs
• Support delegated administration workflows and governance models for policy control across business units, IT, risk, and compliance stakeholders

Requirements

• 7+ years of experience with PBAC implementations, including platform onboarding, policy lifecycle management, and integration patterns for policy decisioning and enforcement (PDP/PEP model)
• Experience implementing PBAC across pilot applications and scaling to broader adoption, including policy development and enforcement integration into applications and/or gateways
• Proficiency in JavaScript, Java, or Python
• General knowledge of Active Directory (AD) or other LDAP Directory Services, Intrusion Detection, Security Policies/GPOs, OS hardening, Single Sign-On (SSO), Federation (SAML and/or OIDC), Multi-Factor Authentication (MFA), Certificates/Public Key Infrastructure (PKI), Identity Management concepts, Cloud Technology, and device authentication

We offer

• Extended Healthcare with Prescription Drugs, Dental and Vision, and Healthcare Spending Account (Company Paid)
• Life and AD\&D Insurance (Company Paid)
• Employee Assistance Program (Company Paid)
• Telehealth (Company Paid)
• Short-term Disability (Company Paid)
• Long-Term Disability
• Paid Time Off (including vacation and sick days)
• Registered Retirement Savings Plan (RRSP) with Company match
• Maternity/Parental/Adoption Leave Top-up
• Employee Stock Purchase Program
• Critical Illness Insurance
• Employee Discounts
• Unlimited access to Eurostaffs learning solutions

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our clients, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.

Engineer the Future with a Career at EPAM

This posting includes a base salary range EPAM Canada would reasonably expect to pay the selected candidate. Individual compensation offers within the range are based on a variety of factors, including, but not limited to, experience, credentials, education, training, the demand for the role, skillset, and overall business and local labour market considerations. Most candidates are hired at a salary within the range disclosed. Salary range: CA$137,000-CA$156,000. In addition, the details highlighted in this job posting above are a general description of all other expected benefits and compensation for the position.

EPAM Canada welcomes and encourages applications from candidates with disabilities. Please contact WFA Human Resource CA [email protected] if you have questions in this regard, or if you require an accommodation to complete the application process. Click here to review EPAM’s Accessibility for Ontarians with Disabilities Accessibility Policies and Multi-Year Access.

An artificial intelligence system is software that is developed with one or more techniques that can, for a given set of human-defined objectives, using algorithmic information processing, generate outputs such as content, predictions, recommendations, or decisions with varying levels of autonomy (“AI”). Tasks that humans have traditionally done by thinking and reasoning are increasingly being done by, or with the help of, AI to help create efficiencies.EPAM may use AI during the recruitment process, in connection with collecting or processing your personal data. Some (non-exhaustive) examples of tasks that EPAM may use AI for include conducting initial screening, creating transcripts of interviews, and assessing applications/CVs against defined job description criteria to make suggestions to the individuals evaluating your candidacy.Your personal data and the results of any processing are not shared with AI applications outside of EPAM infrastructure. While EPAM may use AI to help create efficiencies during the recruitment process, EPAM does not use AI to make hiring decisions, which is done by EPAM Talent Acquisition and management.