Company Name: GuidePoint Security
Job Title: Privileged Access Management (PAM) Engineer (Remote in the US)
Job Description:

Job title: Privileged Access Management (PAM) Engineer
Role Summary: Design, deploy, and optimize enterprise PAM solutions, focusing on Delinea Secret Server and CyberArk Privileged Cloud. Administer privileged accounts, credentials, and session controls while integrating with identity, IAM, and DevOps systems to enforce least‑privilege and zero‑trust principles.
Expectations:
- Deploy and manage Delinea Secret Server (on‑prem and cloud) and CyberArk Privileged Cloud environments.
- Govern privileged, shared, and service accounts, ensuring proper onboarding, lifecycle management, and automation.
- Implement and oversee password rotation, session monitoring, recording, and behavioral alerts.
- Build and maintain modern PAM capabilities such as JIT, EPIC (ephemeral credentials), secrets‑management APIs, and cloud‑native privileged access.
- Integrate PAM with AD/LDAP, Azure AD, SSO/IDP, SIEM, MFA, ticketing, and AWS/Azure/GCP infrastructures.
- Create automation scripts (PowerShell, Python, REST APIs) for onboarding, rotation, and monitoring.
- Collaborate with security, infra, devops, and application teams to sustain advanced PAM controls.
Key Responsibilities:
- Configure, deploy, and support Delinea Secret Server and CyberArk Privileged‑Cloud deployments.
- Perform vaulting, onboarding, and lifecycle governance for privileged, shared, and service accounts.
- Maintain password rotation policies, session management, and access workflows.
- Deploy and monitor privileged sessions, capture recordings, and generate behavioral alerts.
- Enforce least‑privilege and zero‑trust across all privileged identities.
- Enable modern PAM features: JIT elevation, dynamic credentials, secrets‑management API integrations, and cloud‑native privileged access.
- Conduct credential discovery, scanning, and risk classification.
- Integrate PAM with Azure AD, LDAP, SSO/IDP, SIEM, MFA, ticketing systems, and cloud services.
- Onboard new systems, servers, applications, databases, and network devices to Delinea and CyberArk.
- Develop and maintain automation for onboarding, rotation, and monitoring via PowerShell, Python, or REST APIs.
Required Skills:
- 3–5+ years of PAM engineering or consulting experience.
- Hands‑on expertise with Delinea Secret Server (on‑prem or cloud) – password rotation, connectors, RBAC, auditing.
- Experience deploying CyberArk Privileged Cloud (or CorePAS).
- Strong understanding of privileged account governance, rotation, service‑account automation, and session management.
- Proficient with Windows/Linux server administration and Active Directory.
- Scripting skills in PowerShell and/or Python; familiarity with REST APIs.
- Knowledge of security frameworks, access‑control principles, least‑privilege, and zero‑trust.
Required Education & Certifications:
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent work experience).
- Relevant certifications: Delinea Certified Engineer, CyberArk Defender / CyberArk Sentry / Guardian, CISSP, CISM, Security+, CCSP, or similar.
- Preferred experience: IT professional‑services consulting, modern PAM capabilities (ephemeral access, credential‑less access, cloud secrets management), DevOps pipeline integration (Jenkins, GitHub, Azure DevOps, GitLab), cloud security for AWS/Azure/GCP, NHIM/Machine Identity Governance tools.