PAM ARCHITECT — ENGINEER

KEY RESPONSIBILITIES

•        Architect and implement enterprise PAM solutions (CyberArk, BeyondTrust, Delinea)

•        Design vault structures, safe hierarchies, and platform policies to zero-trust standard

•        Onboard privileged accounts: Windows, Unix/Linux, databases, network devices, cloud IAM

•        Integrate PAM with SIEM, ITSM, MFA, and email security platforms

•        Enforce least-privilege, session recording, and just-in-time access workflows

•        Lead PAM roadmap and produce architecture documentation

•        Conduct health checks, capacity planning, and DR testing

REQUIRED QUALIFICATIONS / CERTIFICATIONS

•        5+ years IAM/PAM; 3+ years hands-on CyberArk, BeyondTrust, or Delinea

•        Scripting: PowerShell, Python, or REST API

•        Cloud IAM experience: AWS, Azure, Google Cloud Platform

•        AD/LDAP, Kerberos, PKI knowledge

•        Compliance: SOX, PCI-DSS, NIST, CIS Controls

•        CyberArk Defender or Sentry certification — or willingness to obtain

•        YubiKey / hardware MFA deployment — or willingness to obtain

•        Mimecast or Barracuda email security integration — or willingness to obtain

PAM ARCHITECT — IMPLEMENTATION / PS

KEY RESPONSIBILITIES

•        Lead end-to-end PAM implementations: scoping through go-live and handoff

•        Run discovery workshops to document privileged account inventory and compliance requirements

•        Configure CyberArk, BeyondTrust, or Delinea to client policy requirements

•        Integrate PAM with SIEM, ticketing, MFA, and email security tools

•        Produce solution designs, runbooks, test plans, and training materials

•        Manage project risks and escalate blockers to protect timelines

•        Serve as post-go-live escalation resource

REQUIRED QUALIFICATIONS / CERTIFICATIONS

•        5+ years cybersecurity consulting or PS; 3+ years PAM delivery

•        Hands-on deployment on at least one major PAM platform

•        Strong project ownership across multi-stakeholder engagements

•        Experience integrating PAM with AD, ITSM, SIEM, and MFA

•        CyberArk or BeyondTrust delivery certification — or willingness to obtain

•        YubiKey / hardware MFA integration experience — or willingness to obtain

•        Mimecast or Barracuda integration experience — or willingness to obtain

•        Willingness to travel up to 30%

PAM ARCHITECT — SALES / PRE-SALES SE

KEY RESPONSIBILITIES

•        Partner with AEs to drive technical wins across the enterprise sales cycle

•        Lead technical discovery to surface PAM pain points and compliance gaps

•        Architect and deliver proof-of-concept environments to prospect requirements

•        Present ROI cases and demos to CISOs and IT leadership

•        Respond to RFP/RFI technical sections and security questionnaires

•        Maintain competitive battle cards and objection-handling guides

•        Feed field insights back to product and engineering

REQUIRED QUALIFICATIONS / CERTIFICATIONS

•        5+ years pre-sales/SE; 3+ years cybersecurity (PAM, IAM, or adjacent)

•        Hands-on with CyberArk, BeyondTrust, Delinea, or Saviynt

•        Proven ability to deliver differentiated demos under pressure

•        Comfortable presenting to CISOs, architects, and procurement simultaneously

•        IAM, AD/LDAP, cloud platform, and security operations depth

•        CISSP, Security+, or PAM vendor certification — or willingness to obtain

•        YubiKey / hardware MFA product knowledge — or willingness to obtain

•        Mimecast or Barracuda knowledge for bundled sales motions — or willingness to obtain

PAM ARCHITECT — SUPPORT / TAM

KEY RESPONSIBILITIES

•        Primary escalation point for enterprise PAM customers (CyberArk, BeyondTrust, Delinea)

•        Investigate and resolve complex issues across platform, integrations, and infrastructure

•        Conduct proactive health checks, version assessments, and configuration reviews

•        Facilitate RCA documentation and post-incident reviews

•        Coordinate with engineering and R&D on bugs and enhancement requests

•        TAM: manage strategic accounts and support renewal/expansion alongside CSM/Sales

•        Advise customers on upgrades, migrations, and MFA/email security integrations

REQUIRED QUALIFICATIONS / CERTIFICATIONS

•        5+ years enterprise technical support or CS engineering; 3+ in PAM/IAM

•        Hands-on troubleshooting with one or more major PAM platforms

•        Diagnostic depth: Windows Server, Linux, IIS, SQL Server, networking

•        Ability to manage concurrent escalations under SLA pressure

•        CyberArk Defender or BeyondTrust Certified Administrator — or willingness to obtain

•        YubiKey / hardware MFA troubleshooting — or willingness to obtain

•        Mimecast or Barracuda integration troubleshooting — or willingness to obtain

•        ITIL familiarity and incident management experience