Privileged Access Management (PAM) Engineer

Neotecra, Inc.

New York, NY

Job Details

Location: New York, NY
Posted: 2 days ago

Job Summary

We're looking for an experienced PAM Engineer to strengthen our cybersecurity posture by securing privileged identities across Active Directory, Entra ID, Linux, and multi-cloud environments (Azure, AWS, GCP). You'll design, implement, and maintain advanced PAM and endpoint privilege controls that enforce least privilege, just-in-time (JIT) access, and Zero Trust principles.

Key Responsibilities

Privileged Identity Security

  • Manage and enhance corporate vaulting solutions for privileged credentials (AD, Entra, Linux, Azure, AWS, GCP).
  • Automate credential rotation and enforce time-bound, approval-based admin access.
  • Reduce standing privileges through JIT and least-privilege policies.

Endpoint Privilege Management

  • Deploy least-privilege policies across Windows, Linux, and macOS.
  • Replace local admin rights with controlled privilege elevation workflows.
  • Implement application control and privilege granularity to mitigate malware and insider threats.

Identity Hardening and Hygiene

  • Drive local admin cleanup initiatives and enforce removal of unauthorized rights.
  • Monitor and remediate stale accounts, over-privileged roles, and risky configurations.
  • Implement Identity Threat Detection and Response (ITDR) capabilities.

Security Architecture and Standards

  • Support Zero Trust initiatives and align PAM controls with NIST 800-63B and enterprise policies.
  • Promote MFA, SSO, and passwordless authentication for privileged users.

Cloud Identity and Access

  • Manage privileged roles and accounts in Entra ID (Azure AD), AWS IAM, and GCP IAM.
  • Design and enforce least-privilege models for workloads, service accounts, and keys.
  • Integrate cloud identities with PAM tools (vaulting, session recording, approval workflows).

Identity Lifecycle Management

  • Work with IGA teams to automate provisioning, deprovisioning, and recertification of privileged accounts.
  • Ensure all privileges have clear business justification and ownership.

Documentation and Governance

  • Maintain architecture diagrams, runbooks, and operational procedures.
  • Generate audit and compliance reports demonstrating control effectiveness.
  • Collaborate with audit, risk, and compliance teams to meet regulatory standards.

Required Qualifications

  • 3-5 years in PAM, IAM, or Security Engineering roles.
  • Deep technical knowledge of AD, Entra ID, Linux, and at least one major cloud (Azure, AWS, or GCP).
  • Proficiency in vaulting, endpoint privilege management, and least-privilege enforcement.
  • Strong scripting skills (PowerShell, Python, Bash, Terraform).
  • Familiarity with Zero Trust, NIST frameworks, ITDR, and cloud security standards (CIS, CSA).
  • Excellent communication and documentation skills.

Preferred Qualifications

  • Experience managing privileged access in multi-cloud environments.
  • Expertise in Entra ID PIM, AWS IAM policies, or GCP IAM roles.
  • Integration of PAM with CI/CD pipelines or ITSM workflows.
  • Certifications such as CISSP, CISM, CCSP, Azure Security Engineer, AWS Security Specialty, GIAC, or SailPoint.

About the Company

Neotecra, Inc.