Senior Staff Engineer, PAM and AD

Join a Challenger

Being a traditional bank just isn’t our thing. We are big believers in innovating the banking experience because we believe Canadians deserve better options, and we challenge ourselves and our teams to creatively transform what’s possible in banking. Our team is made up of inquisitive and agile minds that find smarter ways of doing things. If you’re not afraid of taking on big challenges and redefining the future, you belong with us. You’ll get to work with people who will encourage you to reach new heights. We like to keep things fun, ask questions and learn together.

We are a big (and growing!) family. Overall we serve more than 670,000 people across Canada through Equitable Bank, Canada's Challenger Bank™, and have been around for more than 50 years. Equitable Bank's wholly-owned subsidiary, Concentra Bank, supports credit unions across Canada that serve more than six million members. Together we have over $125 billion in combined assets under management and administration, with a clear mandate to drive change in Canadian banking to enrich people's lives. Our customers have named our EQ Bank digital platform (eqbank.ca) one of the top banks in Canada on the Forbes World's Best Banks list since 2021. 

The Work

This position is a senior-level role requiring at least 10 years of work experience. The Privileged Access Management (PAM) Engineer is responsible for designing, implementing, and administering EQ Bank’s PAM solutions, with a primary focus on integrating PAM capabilities with Active Directory (AD) and Microsoft Entra ID (formerly Azure AD). This role is crucial in securing privileged accounts, implementing least-privilege access, and enhancing the organization’s security posture across hybrid environments. Additionally, the PAM Engineer will mentor intermediate and junior staff, helping them become more knowledgeable and effective in their roles.

The Core Responsibilities!

• Design, implement, and manage PAM solutions to secure privileged accounts across on-premises and cloud environments.
• Integrate PAM systems with AD, Entra ID, and other identity sources for seamless authentication and access management.
• Develop and enforce least-privilege access policies and ensure proper segregation of duties. 
• Configure and manage privileged access workflows for user provisioning, deprovisioning, and access requests.
• Monitor and audit privileged sessions to detect and respond to unauthorized access attempts.
• Collaborate with cybersecurity teams to align PAM practices with the organization’s overall security strategy.
• Conduct regular health checks and maintenance of PAM systems to ensure high availability and performance.
• Implement and maintain Multi-Factor Authentication (MFA) policies for privileged accounts.
• Develop and maintain detailed documentation for PAM processes, configurations, and policies.
• Work with the IT team to ensure secure remote access for privileged users.
• Lead PAM-related projects, including upgrades, migrations, and integration with other security tools.

Let's Talk About!

• Minimum of 10 years of experience in an IT support and/or engineering role for corporate applications.
• Strong knowledge of Privileged Access Management (PAM) solutions, such as Hashicorp’s Vault/Boundary, CyberArk or BeyondTrust.
• Deep understanding of Active Directory and Microsoft Entra ID, including hybrid identity integration.
• Familiarity with Multi-Factor Authentication (MFA) and conditional access policies for privileged accounts.
• Proficiency in scripting languages, such as PowerShell and/or Power Automate for automating PAM tasks and integrations.
• Knowledge of identity governance principles, including least privilege and Role-Based Access Control (RBAC).
• Experience with PAM-related protocols and technologies, such as RDP, SSH, and VPN.
• Ability to educate and influence non-technical stakeholders on PAM best practices.
• High attention to detail and ability to adhere to strict security protocols.
• Ability to work effectively within a team and independently as required.

What we offer [For full-time permanent roles]

💰 Competitive discretionary bonus 

✨ Market leading RRSP match program

🩺  Medical, dental, vision, life, and disability benefits

📝  Employee Share Purchase Plan

👶🏽 Maternity/Parental top-up while you care for your little one

🏝 Generous vacation policy and personal days

🖥  Virtual events to connect with your fellow colleagues

🎓  Annual professional development allowance and a comprehensive Career Development program

💛  A fulfilling opportunity to join one of the top FinTechs and help create a new kind of banking experience

Equitable Bank is deeply committed to inclusion. Our organization is stronger and our employees thrive when we honour and celebrate everyone’s diverse experiences and perspectives. In tandem with that commitment, we support and encourage our staff to grow not just in their career path, but personally as well. 

We commit to providing a barrier-free recruitment process and work environment for all applicants. Please let us know of any accommodations needed so that you can bring your best self to the application process and beyond. All candidates considered for hire must successfully pass a criminal background check and credit check to qualify for hire. While we appreciate your interest in applying, an Equitable recruiter will only contact leading candidates whose skills and qualifications closely match the requirements of the position.

We can’t wait to get to know you!