Engineer - Identity Management

About Grab and Our Workplace

Grab is Southeast Asia's leading superapp. From getting your favourite meals delivered to helping you manage your finances and getting around town hassle-free, we've got your back with everything. In Grab, purpose gives us joy and habits build excellence, while harnessing the power of Technology and AI to deliver the mission of driving Southeast Asia forward by economically empowering everyone, with heart, hunger, honour, and humility.

Life at Grab

At Grab, The Grab Way guides every Grabber, spelling out our mission, how we believe we can achieve it, and our operating principles - the 4Hs: Heart, Hunger, Honour and Humility. These principles guide and help us make decisions as we create economic empowerment for the people of Southeast Asia.

 

Get to know the team

Grabber Technology Solutions (GTS) aims to be a technology leader that provides predictive and seamless experiences to all Grab employees (Grabbers). We are a diverse team of technology practitioners looking to out-serve Grabbers with positive, personalised IT experiences. We are looking for individuals with similar customer-centric values to join our growing team

The Identity Management team manages identities and privileged access across Grab's enterprise infrastructure. The team maintains core identity and access solutions, securing Grab's privileged access landscape.

 

Get to know the role

As an Engineer - Identity Management, you'll support Grab's enterprise infrastructure with an emphasis on Identity and Privileged Access Management. The Identity Management team at Grab is committed to overseeing access to Grab's enterprise applications and safeguarding access to important systems and sensitive data. Our mission is "Empowering Grabbers with secure, seamless access to systems and data; simplify productivity and creating time for what matters".

Our responsibilities include ongoing monitoring, auditing, and regular reviews to uphold a access control environment. A mindset geared towards optimisation and automation is necessary , and foster relationships with partners throughout Grab. If you believe you have what it takes, we'd love to hear from you!

You will report to Manager II, Identity Management and will work onsite at our office in Bangalore, India.

 

The Daily Activities

An Engineer - Identity Management at Grab has a range of responsibilities:

 

Privileged Access Management & Engineering

• Implement and operate CyberArk solutions including Privilege Cloud, Secure Web Sessions (SWS), Remote Access, Conjur and Secure Cloud Access.
• Configure safes, platforms, credential rotation, session monitoring and access workflows to enforce least privilege and secure privileged access.
• Onboard applications, infrastructure and cloud environments into CyberArk, ensuring alignment with PAM standards.

 

Integration, Automation & Governance

• Develop automation - scripts or integrations to improve onboarding, credential management and overall PAM efficiency.
• Support audits and compliance by providing access evidence, logs and by ensuring effective operations of controls.
• Identify gaps in privileged access coverage and guide improvements across the environment.

 

Identity Operations

• Manage incidents and service requests related to Identity services, ensuring resolution and minimal disruption to operations.
• Configure and support the CyberArk Privileged Access Management (PAM) platform, ensuring stability, performance, and security.
• Provision and deprovision privileged access following the principles of least privilege, segregation of identities, and separation of responsibilities.
• Guide periodic access reviews for privileged accounts within CyberArk, ensuring ongoing compliance and appropriate access levels.
• Develop custom plugins and integrations within CyberArk to extend functionality and ensure interoperability with other enterprise systems.
• Support audits and forensic investigations by supplying compliance evidence, access logs, and other relevant data.
• Manage ticket queues, develop and track KPIs/KRIs to provide insights, and identify opportunities for operational improvements.
• Maintain documentation, including best practices, technical guides, and standard operating procedures.

Essential Requirements

• 4–6 years of strong hands-on experience in Identity & Access Management (IAM/PAM), with a primary focus on Privileged Access Management.
• Hands-on experience with CyberArk (not just familiarity or exposure), including:• Privilege Cloud
• Secure Web Sessions (SWS)
• Remote Access
• Conjur (Secrets Management)
• 2+ years of experience configuring safes, platforms, policies, credential rotation and session monitoring
• Use CyberArk APIs for plugins, automations and integrations.

• Demonstrated experience implementing, onboarding and operating CyberArk across applications, infrastructure and cloud environments.
• Hands-on experience with a Identity platform such as JumpCloud (preferred), Okta, Azure AD or similar.
• Experience with PAM principles (least privilege, just-in-time access, credential vaulting, session monitoring, segregation of responsibilities).
• Solid foundation in IAM concepts including identity lifecycle management, authentication, authorisation, SSO and access governance.
• Experience working with security, risk and compliance teams, including supporting audits and interactions with auditors.
• Experience automating and troubleshooting using scripting (Python, Bash, PowerShell or similar).
• Experience contributing to IAM/PAM implementations or transformation programmes, from design through execution.
• Proactiveness, and willingness to take responsibility end-to-end.
• Experience working with globally distributed teams, and the ability to explain technical concepts to diverse partners.

 

Desirable Requirements

• Familiarity with Asia-Pacific regulatory requirements, especially Monetary Authority of Singapore (MAS), related to user and access management
• Familiarity with modern identity stores will be an added advantage. This includes knowledge of federation standards like FIDO2, protocols such as SAML and OpenID Connect, and tools. Additionally, understanding of technical and procedural IAM for SaaS solutions will also be beneficial.
• CyberArk Defender, Sentry and Guardian certifications.
• CyberArk Distinguished Engineer (CDE) certification.
• Information Technology Infrastructure Library or other relevant industry certifications.
• Proficiency in information security domains includes risk and control assessments, access controls, and regulatory compliance. Additionally, it encompasses technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection.

Life at Grab

We care about your well-being at Grab, here are some of the global benefits we offer:

• We have your back with Term Life Insurance and comprehensive Medical Insurance.
• With GrabFlex, create a benefits package that suits your needs and aspirations.
• Celebrate moments that matter in life with loved ones through Parental and Birthday leave, and give back to your communities through Love-all-Serve-all (LASA) volunteering leave
• We have a confidential Grabber Assistance Programme to guide and uplift you and your loved ones through life's challenges.

 

What we stand for at Grab

We are committed to building an inclusive and equitable workplace that enables diverse Grabbers to grow and perform at their best. As an equal opportunity employer, we consider all candidates fairly and equally regardless of nationality, ethnicity, religion, age, gender identity, sexual orientation, family commitments, physical and mental impairments or disabilities, and other attributes that make them unique.