Privileged Access Management (PAM) Engineer

  • New York, NY
  • Posted 2 days ago | Updated 15 hours ago

Overview

Hybrid
Depends on Experience
Contract - Independent
Contract - W2
Contract - 12 Month(s)

Skills

SailPoint
Authentication

Job Details

JOB DESCRIPTION

We're looking for an experienced PAM Engineer to strengthen our cybersecurity posture by securing privileged identities across Active Directory, Entra ID, Linux, and multi-cloud environments (Azure, AWS, Google Cloud Platform). You'll design, implement, and maintain advanced PAM and endpoint privilege controls that enforce least privilege, just-in-time (JIT) access, and Zero Trust principles.

Key Responsibilities

Privileged Identity Security

  • Manage and enhance corporate vaulting solutions for privileged credentials (AD, Entra, Linux, Azure, AWS, Google Cloud Platform).
  • Automate credential rotation and enforce time-bound, approval-based admin access.
  • Reduce standing privileges through JIT and least-privilege policies.

Endpoint Privilege Management

  • Deploy least-privilege policies across Windows, Linux, and macOS.
  • Replace local admin rights with controlled privilege elevation workflows.
  • Implement application control and privilege granularity to mitigate malware and insider threats.

Identity Hardening & Hygiene

  • Drive local admin cleanup initiatives and enforce removal of unauthorized rights.
  • Monitor and remediate stale accounts, over-privileged roles, and risky configurations.
  • Implement Identity Threat Detection & Response (ITDR) capabilities.

Security Architecture & Standards

  • Support Zero Trust initiatives and align PAM controls with NIST 800-63B and enterprise policies.
  • Promote MFA, SSO, and passwordless authentication for privileged users.

Cloud Identity & Access

  • Manage privileged roles and accounts in Entra ID (Azure AD), AWS IAM, and Google Cloud Platform IAM.
  • Design and enforce least-privilege models for workloads, service accounts, and keys.
  • Integrate cloud identities with PAM tools (vaulting, session recording, approval workflows).

Identity Lifecycle Management

  • Work with IGA teams to automate provisioning, deprovisioning, and recertification of privileged accounts.
  • Ensure all privileges have clear business justification and ownership.

Documentation & Governance

  • Maintain architecture diagrams, runbooks, and operational procedures.
  • Generate audit and compliance reports demonstrating control effectiveness.
  • Collaborate with audit, risk, and compliance teams to meet regulatory standards.

Required Qualifications

  • 3-5+ years in PAM, IAM, or Security Engineering roles.
  • Deep technical knowledge of AD, Entra ID, Linux, and at least one major cloud (Azure, AWS, or Google Cloud Platform).
  • Proficiency in vaulting, endpoint privilege management, and least-privilege enforcement.
  • Strong scripting skills (PowerShell, Python, Bash, Terraform).
  • Familiar with Zero Trust, NIST frameworks, ITDR, and cloud security standards (CIS, CSA).
  • Excellent communication and documentation skills.

Preferred Qualifications

  • Experience managing privileged access in multi-cloud environments.
  • Expertise in Entra ID PIM, AWS IAM policies, or Google Cloud Platform IAM roles.
  • Integration of PAM with CI/CD pipelines or ITSM workflows.
  • Certifications such as CISSP, CISM, CCSP, Azure Security Engineer, AWS Security Specialty, GIAC, or SailPoint.


About Neotecra, Inc