IAM/PAM Engineer/ W2 Only/ Onsite/ NYC Local

Overview

On Site
$$77/hr on W2
Contract - W2
Contract - Possible exten(s)ion)

Skills

AWS
Active Directory
Linux
PAM
Entra ID
Identity & Access Management
multi-cloud environments (Azure
GCP)
endpoint privilege management
zero-trust security architecture

Job Details

IMPORTANT NOTES (Read Carefully)

  • NO C2C / NO 1099

  • W2 ONLY (Direct Hire through Vendor)

  • LOCAL NYC / Tri-State candidates only

  • Candidate must work onsite first month without exception

Role Overview

We are seeking an experienced Privileged Access Management (PAM) Engineer to strengthen enterprise identity security across Active Directory, Entra ID, Linux, and multi-cloud environments (Azure, AWS, Google Cloud Platform). This role focuses on vaulting, endpoint privilege management, identity hygiene, and zero-trust security architecture.

You will design and enforce least-privilege access, eliminate standing admin rights, and integrate PAM controls across hybrid and cloud platforms.

Key Responsibilities

Privileged Identity Security

  • Administer enterprise PAM vaulting platforms across AD, Entra ID, Linux, Azure, AWS, and Google Cloud Platform

  • Implement credential rotation and vaulting for admins, service accounts, and cloud root accounts

  • Enforce Just-In-Time (JIT), approval-based privileged access

Endpoint Privilege Management

  • Implement least-privilege controls for Windows, Linux, and macOS

  • Replace standing admin access with controlled privilege elevation

  • Apply application control to reduce ransomware and malware risks

Identity Hygiene & Hardening

  • Clean up unauthorized local admin accounts

  • Monitor stale identities, excessive permissions, and privileged roles

  • Implement ITDR (Identity Threat Detection & Response) practices

Security Architecture

  • Support Zero Trust initiatives

  • Align PAM controls with NIST and enterprise security standards

  • Drive MFA, passwordless authentication, and SSO adoption

Cloud Identity & IAM

  • Manage Azure AD (Entra ID), AWS IAM, and Google Cloud Platform IAM privileged roles

  • Integrate cloud identities with PAM vaulting and session monitoring

Governance & Documentation

  • Maintain runbooks, diagrams, and operational documentation

  • Support audit, compliance, and risk teams with reporting

Required Qualifications

  • 10+ years in IAM / PAM / Security Engineering

  • Hands-on experience with AD, Entra ID, Linux

  • Strong PAM vaulting & endpoint privilege management expertise

  • Experience with MFA, SSO, Kerberos, certificate-based auth

  • Knowledge of Zero Trust, NIST, ITDR, CIS controls

  • Scripting: PowerShell / Python / Bash / Terraform

  • Excellent documentation and communication skills

Preferred Qualifications

  • Multi-cloud PAM experience (Azure, AWS, Google Cloud Platform)

  • Entra ID PIM & Conditional Access

  • CI/CD or ITSM integration with PAM tools

  • Certifications (CyberArk, CISSP, CISM, CCSP, Azure/AWS Security)

Why This Role?

If you enjoy locking down privileged access, reducing attack surface, and driving enterprise-grade identity security - this is your seat at the table.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Crox Consulting Inc