IAM Engineer
GBS Chevron Global Business Services (GBS), located in Buenos Aires (Puerto Madero), Argentina, is accepting applications for the position of IAM Engineer. Successful candidates will join the IT Organization, which is part of a multifunction service and technical center with a workforce of more than 1800 employees that deliver business services and solutions to the corporation across the globe.
The IAM Engineer will be responsible for designing, engineering, and implementing secure, reliable, and scalable Identity and Access Management (IAM) solutions for Operational Technology (OT) environments. The role will focus on enabling secure access, strengthening identity controls, and supporting OT cybersecurity safeguards while aligning with corporate standards, architecture principles, and operational requirements.
This position requires close collaboration with product teams, architects, cybersecurity specialists, infrastructure teams, network teams, vendors, and business unit stakeholders to ensure IAM solutions are properly designed, integrated, deployed, documented, and supported across on-premises and hybrid OT environments.
The IAM Engineer will play a key role in building secure-by-design IAM capabilities for OT, including Secure Remote Access, Multi-Factor Authentication (MFA), Privileged Access Management (PAM), password management, identity governance, non-human identity controls, Active Directory integration, and automation of operational processes.
Key responsibilities
Design and engineer IAM solutions for OT environments: Develop secure, reliable, and scalable IAM architectures that address OT-specific requirements, including availability, operational continuity, segmentation, compliance, and cyber resilience.
Engineer Secure Remote Access solutions: Design, engineer and enhance secure remote access patterns that enable controlled connectivity from enterprise or external networks into OT environments through approved architectures, secure protocols, MFA, access controls, and segmented network paths. Ensure solutions avoid direct uncontrolled access into critical OT zones.
Apply IAM principles from an IT/OT cybersecurity perspective: Build and enhance IAM capabilities that support Zero Trust principles adapted to OT environments, including least privilege, role-based access control, strong authentication, account ownership, access reviews, and secure-by-design implementation practices.
Support MFA solution design and integration: Evaluate, engineer, and integrate Multi-Factor Authentication capabilities for on-premises, and hybrid use cases, with emphasis on phishing-resistant authentication methods where applicable and practical for OT operations.
Engineer IAM lifecycle and governance capabilities: Design and engineer solutions for user lifecycle management, access provisioning and deprovisioning, access reviews, role and group management, identity governance, and compliance reporting.
Support password management and privileged access controls: Design, engineer and enhance solutions for password management, privileged account management, credential vaulting, shared account governance, service account management, and auditability of credential usage in OT environments.
Integrate IAM solutions with OT infrastructure: Work with Active Directory, Windows/Linux servers, virtualization platforms, databases, certificates, network controls, and related infrastructure components to ensure IAM solutions are integrated securely and reliably.
Contribute to OT network and access design: Apply foundational knowledge of OT network architecture, including zones and conduits, micro-segmentation, firewalls, routers, switches, secure protocols, and DMZ patterns, to support secure IAM and remote access solution designs.
Automate operational and maintenance processes: Use scripting and automation tools such as Ansible, PowerShell, APIs, or similar technologies to automate repeatable IAM administration, deployment, configuration, evidence collection, and run-and-maintain activities.
Create and maintain technical documentation: Develop high-quality documentation in English, including solution designs, implementation guides, operational procedures, end-user guides, troubleshooting documentation, and knowledge articles.
Collaborate with vendors and stakeholders: Work with internal teams, vendors, and implementation partners to validate technical designs, resolve issues, coordinate deployments, and ensure solutions meet business, cybersecurity, and OT operational needs.
Required Qualifications and Experience
Experience designing, engineering, implementing, or supporting IAM, cybersecurity, infrastructure, or enterprise application solutions.
Strong understanding of Identity and Access Management concepts, including authentication, authorization, least privilege, role-based access control, access reviews, user lifecycle management, and account governance.
Working knowledge of OT environments, industrial networks, Process Control Networks, DMZ architectures, or infrastructure supporting critical operations.
Experience with on-premises infrastructure, including Windows Server and/or Linux Server environments.
Knowledge of Active Directory, group management, domain services, authentication protocols, service accounts, privileged accounts, and access control models.
Familiarity with Secure Remote Access concepts, including jump servers, Remote Desktop Services, VPN or gateway-based access, session control, segmentation, and MFA integration.
Knowledge of MFA technologies and modern authentication patterns, including phishing-resistant approaches where applicable.
Understanding of PAM, password management, credential vaulting, and privileged account governance.
Foundational understanding of networking concepts, including firewalls, routing, switching, secure communication protocols, network segmentation, micro-segmentation, and zones and conduits.
Ability to design solutions that balance cybersecurity requirements with OT operational continuity and reliability.
Experience creating technical documentation, procedures, and user-facing guidance in English.
Ability to work collaboratively with technical teams, cybersecurity teams, business stakeholders, and vendors.
Soft Skills
Strong stakeholder and vendor management skills.
Ability to communicate clearly with both technical and non-technical audiences.
Strong analytical and problem-solving skills.
Proactive mindset with the ability to identify risks, gaps, and improvement opportunities.
Team-oriented and collaborative working style.
Adaptable and comfortable working in complex, evolving technical environments.
Strong ownership mindset and ability to drive tasks from design through implementation and support transition.
Ability to produce clear, structured, and professional documentation.
Relocation Options:
Relocation may be considered.
International Considerations:
Expatriate assignments will not be considered
Chevron participates in E-Verify in certain locations as required by law.
Security pay context
Based on 1,667 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $180K (10th–90th percentile: $95K–$216K).
See the full Security salary breakdown →