Engineer (Privileged Access Management)

We are looking for a Senior PAM Engineer to lead the design, implementation, and management of our Privileged Access Management (PAM) ecosystem. Your primary mission is to eliminate "standing privileges" and secure our most critical credentials using the Delinea suite. You will act as the Subject Matter Expert (SME) for Secret Server and Privilege Manager, ensuring that our infrastructure, cloud environments, and DevOps pipelines are secured against credential theft.

Core Responsibilities

• Delinea Architecture: Lead the end-to-end implementation and scaling of Delinea Secret Server (On-prem or Cloud) and Delinea Privilege Manager.
• Secret Management: Design and maintain secret heartbeat, remote password changing (RPC), and check-out/check-in workflows for service accounts, local admins, and root accounts.
• Secure Remote Access (SRA): Have a good understanding of VPN-less remote access solutions (e.g., Delinea PRA) to provide secure, audited entry points for internal admins and third-party vendors.
• Azure PIM: General understanding of Azure PIM.
• Endpoint Privilege Management: Configure policies in Delinea Privilege Manager to enforce Least Privilege, allowing users to perform administrative tasks without having full local admin rights.
• Hybrid Integration: Ensure interoperability between Delinea (for on-prem) and Azure PIM (for Cloud Control Plane access), creating a unified identity security posture.
• Integration & Automation: Integrate Delinea with Active Directory (AD/Azure AD), SIEM (Sentinel), and Ticket Systems (ServiceNow) to automate lifecycle management.
• Discovery & Onboarding: Manage automated discovery rules to identify unmanaged accounts across Windows, Linux, and Network devices.
• Session Management: Configure and audit session recording and monitoring (Protocol Handler/Session Proxy) for high-risk administrative sessions.
• Compliance & Audit: Generate high-level reporting for audit requirements and lead remediation efforts for privileged access findings.

Technical Requirements

• Experience: 5+ years of dedicated experience in Identity and Access Management (IAM), with at least 3+ years specifically focused on Delinea (formerly Thycotic).
• Delinea Mastery: Deep technical knowledge of Secret Server (Distributed Engines, Secret Policies) and Privilege Manager (Application Control, Elevation).
• Microsoft Entra ID: Strong experience with Azure PIM, Conditional Access, and Managed Identities.
• Infrastructure Skills: Strong understanding of Windows Server administration, Active Directory, GPOs, and Linux/Unix environments.
• Scripting: Proficiency in PowerShell or Python to automate API calls to Delinea and bulk-import secrets. Proficiency in SQL to generate reports.

8am-5pm

Tuesday, Wednesday, Thursday (Mondays and Fridays are remote)

$70.00-80.00/hr DOE

Long Term

Remote Work

Lake Forest, IL 60045

Please send resumes to 

All employees of Elite Staffing must be 18 years or older and authorized to work in the United States.

Elite Staffing, Inc. is proud to be an equal opportunity employer. Our policy of equal employment opportunity is to recruit, hire, train and promote persons without regard to race, color, religion, national origin, sex, age, disability, handicap or any other protected status.

Elite Staffing offers the following benefit programs for your participation: Medical, Dental, Vision, Voluntary Benefits, 401k Retirement Plan, and Commuter benefits.

Our hiring process may include the use of artificial intelligence (AI) to assist in recruiting candidates. AI may be used to collect information and grade, rank, or score your answers. All employment decisions are made by human reviewers. By submitting your application, you authorize Elite Staffing, Inc. to contact you using the contact information you have provided for employment-related activities via any method, including SMS, email, and phone calls, including through the use of automated technology, AI generative voice, and pre-recorded and/or artificial voice messages. For accommodations or to opt out of AI-assisted communication, you may unsubscribe from any SMS message and/or inform the AI technology of your request to opt out of AI-assisted communications. All personal information provided will be handled in accordance with our Privacy Policy found on our website.