Experience: 12+ Years
Primary Responsibilities
Administer and support BeyondTrust Password Safe (PWS) including managed accounts, managed systems, smart rules, password rotation, discovery scans, and approval workflows.
Manage service accounts, functional accounts, local administrator credentials, and application secrets with enforced complexity, rotation, and dual control.
Configure BeyondTrust Privileged Remote Access (PRA) for secure privileged sessions including jump clients, jump points, protocol tunneling (RDP, SSH, HTTPS), and session recording.
Integrate Password Safe with PRA for automated credential injection and session governance.
Administer HashiCorp Vault for centralized secrets management, dynamic credentials, encryption services, policies, and authentication methods.
Integrate Vault with Kubernetes for dynamic secrets injection, Kubernetes auth method, and secure pod-to-secret access.
Implement auditing, reporting, alerting, and SIEM integrations for all privileged activities across PAM, Vault, and Kubernetes environments.
Troubleshoot PAM and Vault issues including password rotation failures, access issues, session problems, credential sync errors, and Kubernetes secret access issues.
Develop automation using PowerShell and Python, leveraging REST APIs for onboarding, provisioning, reporting, and access workflows.
Enforce least privilege and zero-trust principles and support enterprise security audits (SOX, PCI-DSS, HIPAA, ISO 27001, NIST).
Mandatory Skills & Required Experience
BeyondTrust Password Safe (PWS)
2+ years of hands-on administration experience
Strong knowledge of managed systems, managed accounts, smart rules, and discovery scans
Experience with password rotation policies, approvals, dual control, and reporting
Hands-on experience with Password Safe REST APIs
Integration experience with BeyondTrust PRA
BeyondTrust Privileged Remote Access (PRA / Bomgar)
2+ years of hands-on PRA administration
Experience with jump clients, jump points, credential injection, and protocol tunneling (RDP, SSH, HTTPS)
Session recording, command logging, and role-based access configuration
Experience with PRA high availability and external authentication (LDAP / SAML)
HashiCorp Vault
2+ years of experience administering Vault
Experience with secrets engines (KV, database, cloud), authentication methods, and policies
Strong knowledge of dynamic secrets, lease management, and Vault HA/DR
Hands-on experience integrating Vault with Kubernetes authentication and secrets injection
Kubernetes (Secondary Skill)
Hands-on experience securing Kubernetes clusters with Vault and PAM solutions
Experience with Kubernetes authentication method in Vault, service accounts, and RBAC
Experience implementing secure secrets delivery to pods (sidecar injector, CSI driver, or env-based injection)
Understanding of Kubernetes security best practices related to privileged access and secrets management
Automation & Scripting
Strong PowerShell scripting experience (REST APIs, JSON, automation workflows)
Working Python experience for integrations and automation
Experience with Git and API-driven integrations
Security & Compliance
Strong understanding of PAM security concepts, least privilege, and privileged threat vectors
Experience supporting audits and maintaining compliance evidence
Ability to monitor, analyze, and respond to privileged access security events
Nice-to-Have (Optional)
Cloud platforms: Azure / AWS / Google Cloud Platform
MFA integrations: Duo, Okta, Microsoft Entra ID (Azure AD)
SIEM platforms (Splunk, Sentinel, QRadar)