Privileged Access Management (PAM) Engineer

About The Position

Requirements

• 2 to 5 years of hands-on experience administering enterprise PAM solutions such as CyberArk.
• Strong understanding of privileged access concepts including: Credential vaulting Session monitoring and recording JIT elevation & PIM Password rotation Tiering/Zero Trust/least privilege
• Expertise with Windows/MacOS/Linux administration, Active Directory/Entra ID, cloud IAM roles (Azure, AWS, GCP), and integration of privileged accounts across these systems.
• Scripting & Automation: Proficiency in PowerShell, APIs, JSON, and automation frameworks. Experience automating password rotation, onboarding workflows, and data collection.
• Soft Skills: Strong analytical abilities and troubleshooting skills for complex privileged access scenarios. Excellent communication skills and ability to translate technical concepts to nontechnical partners. Demonstrated cross-functional collaboration with security, engineering, and operations teams.
• Compliance & Security Knowledge: Familiarity with audits, risk controls, and compliance frameworks (SOX, SOC2, ISO 27001). Experience supporting audit evidence gathering and implementing controls to reduce privileged access risk.

Responsibilities

• Privileged Access Platform Administration Deploy, configure, and maintain the enterprise PAM platform (e.g., CyberArk) including credential vaulting, session management, password rotation, and just In time (JIT) access. Manage platform components such as vault servers, connectors, session recording infrastructure, credential providers, and privileged session gateways. Ensure high availability, performance optimization, and adherence to operational SLAs.
• Privileged Account & Credential Lifecycle Management Onboard and maintain privileged accounts across Windows, Linux, network devices, databases, cloud platforms (Azure, AWS, GCP), and SaaS admin consoles. Implement automated password rotation, check-in/checkout workflows, and lifecycle governance for service accounts, application credentials, and secrets. Maintain least privilege standards, including enforcement of cloud only admin accounts and removal of unnecessary or stale privileged principals.
• JIT Access, PIM/PAM Integration & Access Elevation Administer justintime elevation policies for cloud roles (e.g., Entra PIM) and integrate them with the enterprise PAM strategy. Configure approval workflows, MFA enforcement, activation duration settings, and monitoring for high-risk role activation. Ensure alignment between PIM (role elevation) and PAM (credential vaulting/session control) platforms.
• Security, Compliance & Audit Support Maintain controls required for SOX, SOC2, ISO, and internal/external audit reviews of privileged access activity. Support regular access reviews for privileged accounts and roles, collaborating with managers and system owners. Provide evidence for audits related to privileged access, session logs, credential governance, and administrative workflows.
• Automation, Scripting & Operational Efficiency Develop and maintain automation (e.g., PowerShell, Python, APIs) for onboarding, credential rotation, vault management, and reporting. Build integrations between PAM and enterprise systems such as ServiceNow, SIEM, CMDB, IGA platforms, and cloud identity services. Streamline manual processes and reduce ticket volume through automation and mature workflow design.
• Monitoring & Incident Response Monitor for suspicious privileged behavior, anomalous sign-ins, risky activations, or vault activity using SIEM and platform analytics. Maintain and periodically validate breakglass/emergency access controls across critical systems. Serve as an escalation point for privileged access issues or failures impacting operations.
• Cross Functional Collaboration & Governance Partner with infrastructure, application, cloud, and security teams to enforce standards for privileged access governance. Assist system owners in identifying what constitutes privileged access and mapping roles, entitlements, and required controls. Contribute to PAM roadmap planning, tool evaluations, and ongoing PAM maturity initiatives.