[Remote] Business Analyst - Policy-Based Access Control (PBAC) / Identity & Access Management (IAM)
Note: This is a remote job open to candidates in the USA. EPAM Systems is seeking an experienced Business Analyst to help translate business needs into scalable security solutions, ensuring alignment between stakeholders and engineering teams. The ideal candidate will have strong analytical skills and deep knowledge of IAM concepts and policy-driven access models.
Responsibilities
- Be self-driven with minimal daily oversight; gather, analyze, and document business and functional requirements
- Collaborate with business stakeholders, security architects, and engineering teams to define PBAC use cases and access control models
- Translate business requirements into policy definitions, decision flows, and acceptance criteria for implementation teams
- Facilitate workshops to identify access scenarios across workforce and customer-facing applications, including edge cases and regulatory needs
- Define and document attributes required for PBAC decisioning, including identity, role, device, transaction, risk, and contextual data elements
- Work with engineering teams to ensure proper integration points for Policy Decision Point (PDP) and Policy Enforcement Points (PEP) are well understood and implemented
- Support development and validation of policy rules (both graphical and code-based representations where applicable)
- Document end-to-end workflows, including policy lifecycle, exception handling, and audit requirements
- Partner with compliance and risk teams to ensure policies meet regulatory and audit expectations, including traceability and reporting
- Support user acceptance testing (UAT) by defining test scenarios, validating outcomes, and ensuring alignment with business intent
- Maintain clear and structured documentation including BRDs, FRDs, process flows, and decision matrices
Skills
- 5–8+ years of experience as a Business Analyst in the IAM/Security domain
- Strong experience with PBAC, ABAC, or IAM implementations, including requirement gathering for policy-based access control models
- Proficiency in documentation and analysis tools (e.g., Confluence, JIRA, Visio, Lucidchart)
- Strong understanding of IAM concepts including SSO, Federation (SAML/OIDC), MFA, Directory Services, and access governance
- Ability to work effectively with cross-functional teams including security, engineering, product, and compliance
- Excellent communication and stakeholder management skills