Privileged Access Management (PAM) Platform Sr Engineer

Title : Privileged Access Management (PAM) Platform Engineer
Location: Seattle, WA 98101
Duration: 6 Months
36256259
Mon-Fri - 9-5 | Mon-Wed in office (flexible)
4+ years of experience
Hybrid - Seattle Required. Not open to remote
Looking to potentially convert to full time employee.

Job Description
As a PAM Platform Engineer on Client Identity & Access Management team, you'll be a key technical specialist responsible for designing, implementing, and maintaining our enterprise-wide Privileged Access Management infrastructure. You'll lead the rollout and ongoing management of our privileged access solutions, including password management, endpoint privilege management, and session management capabilities across our retail technology ecosystem.
Join our cybersecurity team to drive enterprise-level PAM adoption while maintaining Client commitment to innovation, security excellence, and work-life balance.

A day in the life...

• PAM Platform Leadership: Serve as the primary technical expert for privileged access management solutions, including architecture, deployment, configuration, and optimization of password vaults and endpoint privilege management systems
• Enterprise PAM Implementation: Design and execute large-scale PAM deployments across Windows, macOS, and Linux environments, ensuring seamless integration with existing infrastructure
• Policy Development & Management: Create and maintain privilege elevation policies, credential rotation schedules, access request workflows, and governance rules aligned with security and compliance requirements
• Integration & Automation: Integrate PAM solutions with ITSM platforms, SIEM tools, vulnerability scanners, directory services, and other security infrastructure to create comprehensive privileged access workflows
• Troubleshooting & Support: Provide expert-level technical support for PAM platform issues, performance optimization, privileged account onboarding, and user access requests
• Security & Compliance: Ensure PAM implementations meet PCI DSS, and other requirements through proper audit trails, session recording and monitoring, and privileged account governance
• Documentation & Training: Develop technical documentation, procedures, and training materials for internal teams and end users
• Continuous Improvement: Monitor platform performance, evaluate new features, and implement best practices to enhance security posture and operational efficiency

You own this if you have...

Required Qualifications:

• 4-6+ years of hands-on experience implementing and managing enterprise PAM platforms such as CyberArk, BeyondTrust, Delinea (Thycotic) in large-scale environments
• Vendor certifications in one or more major PAM platforms (CyberArk Certified Delivery Engineer, BeyondTrust Certified Implementation Engineer, Delinea certified professional, etc.) preferred
• Deep expertise in privileged account discovery, credential management, password rotation, session management, and access request workflows using enterprise PAM solutions
• Strong understanding of Windows Server administration, Active Directory, Group Policy, and PowerShell scripting
• Experience with Linux/Unix system administration and shell scripting for cross-platform PAM deployments
• Knowledge of networking fundamentals including protocols, ports, certificates, load balancing, and security hardening
• Experience with cloud platforms (AWS, Azure) and containerization technologies (Docker, Kubernetes)
• Understanding of identity and access protocols (SAML, OIDC, OAuth, SCIM, LDAP) and their integration with PAM solutions

Preferred Qualifications:

• Experience with multiple PAM vendors and platform migration/integration projects
• Knowledge of DevOps practices, CI/CD pipelines, and Infrastructure as Code (Terraform, Ansible)
• Familiarity with ITSM integration (ServiceNow, Jira) for ticket-driven privileged access workflows
• Experience with SIEM integration and security monitoring platforms (Splunk, QRadar, etc.)
• Understanding of zero trust architecture and least privilege access principles
• Experience with secrets management platforms (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault)
• Previous experience in retail technology environments or large-scale enterprise deployments
• Industry certifications such as CISSP, CISM, or relevant cloud security certifications

Technical Skills:

• PAM Platforms: Experience with major vendors (CyberArk Privileged Access Security, BeyondTrust Password Safe/EPM, Delinea Secret Server/Privilege Manager, Ping Identity PingOne Protect)
• Operating Systems: Windows Server (2016/2019/2022), Windows 10/11, macOS, RHEL, Ubuntu, SUSE
• Databases: SQL Server, MySQL, PostgreSQL, Oracle for PAM backend configuration
• Virtualization: VMware vSphere, Hyper-V, cloud-based virtual machines
• Scripting: PowerShell, Bash, Python for automation and integration tasks
• Security Tools: Integration experience with vulnerability scanners, endpoint detection tools, and identity governance platforms