PAM Engineering

Job Overview

Key Responsibilities

• Design, deploy, and maintain PAM architectures and components (vaults, session brokers, credential rotation, connectors)
• Administer and configure enterprise PAM platforms (e.g., CyberArk, Beyond Trust, Thycotic, or equivalent)
• Implement and enforce least-privilege access models, role-based access controls (RBAC), and just-in-time (JIT) access workflows
• Manage privileged credential lifecycle: onboarding, rotation, vaulting, and decommissioning
• Monitor privileged sessions, capture recordings, and perform periodic reviews and audits of privileged activity
• Integrate PAM with identity providers, SIEM, ITSM, and endpoint solutions to enable centralized logging, alerting, and incident response
• Develop and maintain ITPs, runbooks, standard operating procedures, and implementation/migration plans for PAM-related activities
• Conduct vulnerability assessments, perform risk analysis for privileged access, and recommend compensating controls
• Support security compliance and audit requests by providing evidence, reports, and remediation activities aligned with NCA ECC/CCC, PDPL, or equivalent frameworks
• Provide technical guidance, training, and knowledge transfer to operations, SOC, and application teams on PAM best practices
• Investigate privileged access incidents and collaborate with incident response to contain and remediate breaches involving privileged credentials

Required Skills and Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Computer Engineering, or a related field
• **Minimum 4-8 years of hands-on experience** implementing or administrating PAM or related privileged account controls
• Hands-on experience with commercial PAM products (CyberArk, BeyondTrust, Thycotic/Delinea, Centrify) or open-source equivalents
• Strong understanding of identity and access management concepts including RBAC, MFA, SSO, JIT, and delegation patterns
• Experience integrating PAM with Active Directory/LDAP, SSO providers, SIEM, ITSM, and orchestration tools
• Familiarity with logging, monitoring, and analytics for privileged sessions; ability to produce audit-ready reports
• Knowledge of relevant regulatory frameworks and standards (NCA ECC/CCC, PDPL, ISO 27001, NIST) and ability to map PAM controls to compliance requirements
• Strong scripting and automation skills (PowerShell, Python, REST APIs) to support integrations and operational tasks
• Excellent documentation, communication, and stakeholder coordination skills
• Professional certifications such as CyberArk Trustee/Administrator, CISSP, CISM, or equivalent are desirable

Additional Skills

• 1. Hands-on experience with BeyondTrust PAM
• 2.
• Strong knowledge of Active Directory & Identity Management
• 3.

Experience

Experience

Preferred Qualifications

• Experience working within energy, utilities, or critical infrastructure environments and familiarity with OT/ICS considerations
• Familiarity with cloud PAM concepts and SaaS/Cloud connector implementations on AWS, Azure, or GCP
• Experience supporting large-scale PAM rollouts, migrations, and change management activities

Behavioral Competencies

• Collaborative and customer-focused with the ability to work across technical and non-technical teams
• Analytical thinker with strong problem-solving and troubleshooting capabilities
• Detail-oriented, organized, and committed to maintaining high-quality documentation
• Ability to manage multiple priorities and work effectively in fast-paced environments

Location & Reporting

Location