IAM Intern

Overview

At Applied IAM, we treat identity as the control plane for modern security. As an IAM Intern, you'll get direct, hands-on exposure to enterprise Identity and Access Management across real client environments. This isn't a shadow-and-observe role. You'll contribute to active delivery work with a primary focus on Privileged Access Management using CyberArk, build practical IAM skills, and leave with a clear understanding of how privileged access is secured, automated, and monitored at scale. For interns who show strong progress, there is opportunity to extend your scope into adjacent IAM tooling such as SailPoint for identity governance or Keeper Security for enterprise password management.

Core Responsibilities

• Support the IAM engineering team in administering on-premises CyberArk PAM components including the Digital Vault, CPM, PSM, PVWA, and CCP under senior engineer guidance
• Assist with service account and privileged account onboarding tasks including safe creation, platform assignment, permission configuration, and data validation across client environments
• Help build and maintain PowerShell and Python scripts for account onboarding automation, compliance data pulls, and operational reporting tasks
• Participate in CPM platform reviews and assist with troubleshooting credential rotation failures by analyzing logs, reviewing platform settings, and documenting findings
• Support PSM session management tasks including connection component reviews, session log analysis, and documentation of access patterns for client reporting
• Assist with CCP and CP/AIM configurations including AppID setup, safe permission assignments, and basic IIS-level reviews under engineer supervision
• Read and interpret CyberArk Vault logs, PVWA audit trails, and CPM activity logs to support compliance reporting and help identify anomalous privileged access activity
• Contribute to internal runbooks, onboarding guides, and knowledge base articles that standardize common PAM procedures across the team
• Support upgrade validation and pre/post upgrade testing checklists for CyberArk on-premises components
• Assist with generating recurring compliance summaries tracking account rotation status, safe membership, and session activity tied to SOX, PCI-DSS, or NIST requirements

Minimum Qualifications

• Currently pursuing or recently completed a Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a closely related field
• An understanding of basic IT infrastructure concepts including networking (TCP/IP, DNS), operating systems (Windows/Linux), and how users and systems authenticate
• An understanding of Active Directory, user accounts, and group-based access at a foundational level
• Comfort reading and interpreting logs (system events, admin actions, audit trails) and documenting what you find clearly
• Basic scripting ability in PowerShell or Python, even if self-taught or coursework-based
• Interest in privileged access management, identity security, and enterprise security architecture
• Clear written communication and comfort collaborating in a structured, client-facing team environment
• Authorization to work in the United States

Preferred Qualifications

• Exposure to CyberArk through coursework, home labs, CyberArk's self-study materials, or personal projects
• Familiarity with PAM concepts such as credential rotation, session recording, least privilege, and service account management
• Basic understanding of REST APIs (HTTP methods, JSON, token-based authentication) and comfort using tools like Postman or cURL
• Awareness of common privileged access attack paths such as credential stuffing, pass-the-hash, and privilege escalation
• Familiarity with SSL/TLS and certificate concepts as they relate to secure system communications
• Basic cloud familiarity (AWS, Azure, or GCP) and willingness to learn how privileged access extends into cloud environments
• Evidence of practical work such as home lab documentation, GitHub scripts, write-ups, or detection experiments
• Comfort using Git/GitHub for version control and team collaboration

Growth Opportunities

Interns who build a strong foundation in CyberArk and demonstrate curiosity across the broader IAM landscape have the opportunity to extend their scope into adjacent tooling. This may include identity governance work using SailPoint IdentityNow or IdentityIQ, or enterprise credential management using Keeper Security. These extensions are driven by your progress, initiative, and client project needs, and serve as a natural bridge toward a full-time Associate IAM Engineer role.

What You’ll Get