Senior Privileged Access Management Engineer

Zelis•Morristown, NJ

2d•Hybrid

About The Position

At Zelis, we Get Stuff Done. So, let’s get to it! A Little About Us Zelis is modernizing the healthcare financial experience across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts – driving real, measurable results for clients. A Little About You You bring a unique blend of personality and professional expertise to your work, inspiring others with your passion and dedication. Your career is a testament to your diverse experiences, community involvement, and the valuable lessons you've learned along the way. You are more than just your resume; you are a reflection of your achievements, the knowledge you've gained, and the personal interests that shape who you are. Position Overview Leads privileged access management and TLS certificate lifecycle activities for Zelis IT systems Senior Privileged Access Management (PAM) Engineer – Team Lead Overview We are seeking a highly skilled and motivated Senior PAM Engineer – Team Lead to join the Identity and Access Management (IAM) team. This is a hands-on technical leadership role, ideal for someone who thrives in dynamic environments and is passionate about Security, PAM, Automation, and Machine Identity Management. This is a hybrid role with the expectation to go into the office 1 day/week in the Morristown, NJ office This role will focus on CyberArk Privilege Cloud and Venafi TLS certificate management, supporting a hybrid enterprise environment spanning Active Directory, Azure, and AWS.

Requirements

Proven experience implementing and managing CyberArk Privilege Cloud in an enterprise environment, including vaulting, CPM, PSM, and session management.
Hands-on experience with Venafi (or similar certificate lifecycle management platforms) for managing TLS/SSL certificates at scale.
Strong understanding of PAM principles, including least privilege, credential management, session monitoring, JIT access, and privileged threat mitigation.
Experience working in hybrid environments with Active Directory, Azure AD, and AWS IAM.
Proficiency in scripting and automation (e.g., PowerShell, Python) and experience with automation platforms (e.g., Azure Automation, AWS Lambda, CI/CD pipelines).
Familiarity with authentication and authorization mechanisms, including Kerberos, LDAP, SAML, OAuth, OpenID Connect, and secrets/token-based authentication.
Experience integrating PAM solutions with enterprise systems using REST APIs, secure authentication methods, and service accounts.
Strong understanding of TLS/SSL, PKI concepts, certificate authorities, and cryptographic standards.
Excellent communication and collaboration skills, with the ability to work across technical and business teams.
Ability to lead technical initiatives and deliver results without direct managerial authority.

Nice To Haves

CyberArk certifications (e.g., CyberArk Defender, Sentry, or Guardian).
Experience with DevOps and secrets management tools (e.g., HashiCorp Vault, Kubernetes secrets, Azure Key Vault, AWS Secrets Manager).
Familiarity with compliance and regulatory frameworks (e.g., SOX, HIPAA, PCI-DSS, NIST).
Experience with cloud-native PAM capabilities (e.g., Azure Privileged Identity Management (PIM), AWS IAM Access Analyzer).
Knowledge of containerized and microservices environments and their impact on privileged access and certificate management.

Responsibilities

Manage and enhance privileged access lifecycle capabilities using CyberArk Privilege Cloud, including credential vaulting, session management, privileged session monitoring, and Just-in-Time (JIT) access.
Design and implement PAM solutions aligned with organizational security standards, including least privilege enforcement, credential rotation, session isolation, and privileged access workflows across enterprise systems.
Lead engineering initiatives to integrate PAM controls across infrastructure and applications, including Active Directory, Azure AD, AWS IAM, and cloud-native services.
Develop and maintain machine identity management solutions using Venafi, including TLS certificate lifecycle management, automation of certificate issuance/renewal, and integration with enterprise platforms and DevOps pipelines.
Architect and implement automation frameworks and accelerators to streamline PAM and certificate management processes, improving scalability, auditability, and operational efficiency.
Analyze and troubleshoot PAM and certificate management system issues, conducting root cause analysis and implementing durable solutions to improve system reliability and security posture.
Collaborate with infrastructure, security, DevOps, and application teams to onboard systems into CyberArk and Venafi, ensuring consistent enforcement of privileged access and certificate policies.
Monitor PAM and machine identity platforms to ensure performance, availability, and compliance with organizational policies and SOPs.
Lead response efforts for critical incidents involving privileged accounts or certificate outages.
Provide technical leadership and mentorship to junior engineers, promoting best practices in PAM, automation, and secure design.
Drive continuous improvement by researching emerging PAM and machine identity trends, including secrets management, workload identity, and cloud-native privilege models.
Develop and maintain documentation including architecture diagrams, onboarding guides, SOPs, and knowledge base articles for PAM and certificate management operations.

Benefits

flexible paid time off
holidays
parental leaves
life and disability insurance
health benefits including medical, dental, vision, and prescription drug coverage

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume