Job Summary
We're looking for an experienced PAM Engineer to strengthen our cybersecurity posture by securing privileged identities across Active Directory, Entra ID, Linux, and multi-cloud environments (Azure, AWS, GCP). You'll design, implement, and maintain advanced PAM and endpoint privilege controls that enforce least privilege, just-in-time (JIT) access, and Zero Trust principles.
Key Responsibilities
Privileged Identity Security
- Manage and enhance corporate vaulting solutions for privileged credentials (AD, Entra, Linux, Azure, AWS, GCP).
- Automate credential rotation and enforce time-bound, approval-based admin access.
- Reduce standing privileges through JIT and least-privilege policies.
Endpoint Privilege Management
- Deploy least-privilege policies across Windows, Linux, and macOS.
- Replace local admin rights with controlled privilege elevation workflows.
- Implement application control and privilege granularity to mitigate malware and insider threats.
Identity Hardening and Hygiene
- Drive local admin cleanup initiatives and enforce removal of unauthorized rights.
- Monitor and remediate stale accounts, over-privileged roles, and risky configurations.
- Implement Identity Threat Detection and Response (ITDR) capabilities.
Security Architecture and Standards
- Support Zero Trust initiatives and align PAM controls with NIST 800-63B and enterprise policies.
- Promote MFA, SSO, and passwordless authentication for privileged users.
Cloud Identity and Access
- Manage privileged roles and accounts in Entra ID (Azure AD), AWS IAM, and GCP IAM.
- Design and enforce least-privilege models for workloads, service accounts, and keys.
- Integrate cloud identities with PAM tools (vaulting, session recording, approval workflows).
Identity Lifecycle Management
- Work with IGA teams to automate provisioning, deprovisioning, and recertification of privileged accounts.
- Ensure all privileges have clear business justification and ownership.
Documentation and Governance
- Maintain architecture diagrams, runbooks, and operational procedures.
- Generate audit and compliance reports demonstrating control effectiveness.
- Collaborate with audit, risk, and compliance teams to meet regulatory standards.
Required Qualifications
- 3-5 years in PAM, IAM, or Security Engineering roles.
- Deep technical knowledge of AD, Entra ID, Linux, and at least one major cloud (Azure, AWS, or GCP).
- Proficiency in vaulting, endpoint privilege management, and least-privilege enforcement.
- Strong scripting skills (PowerShell, Python, Bash, Terraform).
- Familiarity with Zero Trust, NIST frameworks, ITDR, and cloud security standards (CIS, CSA).
- Excellent communication and documentation skills.
Preferred Qualifications
- Experience managing privileged access in multi-cloud environments.
- Expertise in Entra ID PIM, AWS IAM policies, or GCP IAM roles.
- Integration of PAM with CI/CD pipelines or ITSM workflows.
- Certifications such as CISSP, CISM, CCSP, Azure Security Engineer, AWS Security Specialty, GIAC, or SailPoint.