Beyond trust SME - PAM Platform Engineer

Overview

On Site
Hybrid
Depends on Experience
Contract - Independent
Contract - W2
Contract - 12 Month(s)

Skills

BeyondTrust
SME
PAM
Platform

Job Details

Job Title

SME Privileged Access Management (PAM) Platform Engineer

Role Summary

We are seeking an SME PAM Platform Engineer to own the design, engineering, and operational excellence of our Privileged Access Management platforms. This role serves as the technical authority for PAM architecture, integrations, and security controls, ensuring privileged access is tightly governed, auditable, and aligned with Zero Trust principles.

Key Responsibilities

PAM Platform Engineering & Architecture

  • Act as Subject Matter Expert (SME) for PAM platforms (e.g., CyberArk, BeyondTrust, Delinea, HashiCorp Vault)

  • Design, implement, and maintain PAM architecture across on-prem, cloud, and hybrid environments

  • Engineer secure credential vaulting, rotation, session management, and just-in-time access

  • Define PAM standards, reference architectures, and engineering best practices

Platform Operations & Automation

  • Lead PAM onboarding for servers, databases, applications, network devices, and cloud workloads

  • Develop automation for account discovery, credential rotation, and access provisioning

  • Integrate PAM with IAM, SSO, MFA, ITSM, and CI/CD pipelines

  • Optimize platform performance, scalability, and availability

Security, Risk & Compliance

  • Enforce least privilege and privileged access policies

  • Support audits and compliance requirements (SOX, ISO 27001, SOC 2, NIST, PCI DSS)

  • Perform periodic access reviews and platform health assessments

  • Investigate PAM-related security incidents and lead remediation efforts

Cloud & DevOps Integration

  • Secure privileged access for cloud-native and DevOps environments

  • Implement PAM for Kubernetes, containers, APIs, and service accounts

  • Integrate secrets management into DevOps workflows

  • Enable passwordless and ephemeral credential strategies where applicable

Leadership & Stakeholder Engagement

  • Serve as trusted advisor to security, infrastructure, cloud, and application teams

  • Mentor PAM engineers and operational staff

  • Partner with architects and leadership on PAM roadmap and strategy

  • Provide clear guidance on risk, controls, and technical solutions

Required Qualifications

  • 7+ years of experience in IAM / PAM / Security Engineering

  • 4+ years of hands-on PAM platform engineering experience

  • Deep expertise with one or more PAM tools:

    • CyberArk (EPM, PAS, PSM, PTA)

    • BeyondTrust

    • Delinea (Thycotic)

    • HashiCorp Vault

  • Strong understanding of:

    • Privileged access models and Zero Trust

    • Identity lifecycle management

    • Linux, Windows, and Active Directory

  • Experience with scripting and automation (PowerShell, Python, Bash)

Preferred Qualifications

  • Cloud experience (AWS, Azure, Google Cloud Platform) PAM integrations

  • DevOps and CI/CD security experience

  • IAM and MFA platforms (Azure AD, Okta, Ping)

  • Security certifications (CISSP, CCSP, CyberArk Defender/Sentry)

  • Experience in regulated enterprise environments

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.