
Senior Engineer – Privileged Access Management
Posted 10 hours ago

This is a fully remote position, open to applicants in the United States.
• Oversee the architecture and design of multi-tenant BeyondTrust PAM services tailored for MSP clients, including the onboarding process for new tenants and the standardization of service offerings.
• Design secure privileged access workflows for infrastructure, applications, databases, cloud platforms, and network devices, ensuring alignment with least-privilege principles and regulatory standards.
• Implement and maintain BeyondTrust Password Safe alongside its associated components, which includes:
  • Identification and onboarding of privileged accounts and systems.
  • Establishing password rotation policies and check-in/check-out procedures.
  • Facilitating session brokering, recording, and real-time monitoring.
  • Creating approval workflows and just-in-time (JIT) access mechanisms.
• Implement and sustain BeyondTrust Privilege Management for endpoints and servers (Windows and Linux/Unix), focusing on policy design, deployment, and tuning to minimize friction for users/admins while enforcing least privilege.
• Design and uphold a highly available and secure BeyondTrust infrastructure, covering clustering, scaling, upgrades, patching, and disaster recovery strategies across customer environments.
• Integrate PAM with identity and security platforms, including:
  • Active Directory / Entra ID / LDAP and other directories for authentication and group-based access.
  • MFA/SSO platforms utilizing SAML/OIDC/OAuth2.
  • SIEM and logging platforms for monitoring and alerting on privileged activities.
  • ServiceNow and other ITSM tools for managing requests, approvals, and ticket correlation workflows.
• Develop and maintain automation and tooling (e.g., PowerShell, Python, REST APIs) to:
  • Expedite the onboarding and lifecycle management of privileged accounts and systems.
  • Enforce configuration standards and policies on a large scale.
  • Create reports and dashboards for compliance and operational KPIs.
• Lead the complete customer onboarding process to the PAM service, including:
  • Requirements gathering, use case definition, and risk assessment.
  • Designing onboarding playbooks and standard reference architectures.
  • Collaborating with internal and customer teams to implement and validate PAM controls.
• Define and uphold standardized PAM policies and baselines across customer environments, which encompass credential management, access approval patterns, session monitoring, and privileged elevation rules.
• Conduct security and risk assessments of current privileged access practices, recommend remediation strategies, and monitor execution through to closure.
• Act as a subject matter expert and escalation point for PAM-related incidents and service requests, including troubleshooting issues with the BeyondTrust platform and complex access challenges.
• Collaborate with internal and customer security, infrastructure, network, and application teams to ensure PAM controls are in sync with broader security architecture and operational needs.
• Develop and maintain thorough documentation, which includes:
  • Platform architectures and configuration standards.
  • Customer-specific runbooks and operational procedures.
  • Onboarding and migration playbooks.
  • Knowledge base articles and FAQs for both internal and customer use.
• Provide mentorship and guidance to team members on PAM concepts, BeyondTrust best practices, and secure operations within a managed services context.
• Maintain transparent communication with customers and internal stakeholders, offering regular status updates, visibility on risks/issues, and technical recommendations.
• Complete assigned training and certification to enhance skills and knowledge, including PAM and BeyondTrust-specific certifications where applicable.
• Additional job duties as assigned.
• Minimum Required – A college degree or equivalent in Information Systems, Computer Science, Cybersecurity, or a related discipline. Unique education, specialized experience, skills, knowledge, training, or certification may serve as a substitute for formal education.
• At least 7 years of relevant experience in IT operations, infrastructure engineering, or cybersecurity, with substantial hands-on responsibility for privileged access controls in enterprise settings.
• 3+ years of direct experience in designing, implementing, and operating PAM solutions (BeyondTrust is strongly preferred; experience with platforms like CyberArk or Delinea is advantageous).
• Experience in delivering services in a managed services or consulting role, including direct customer engagement in multi-tenant or multi-customer environments.
• Proven experience in leading technical initiatives, driving cross-functional projects, and mentoring junior team members.
• Familiarity with regulated or compliance-driven environments (e.g., SOX, PCI DSS, HIPAA, ISO 27001) and supporting audit and evidence collection for privileged access controls.
• Medical, Dental, and Vision Insurance
• 401(k)
• Paid company holidays
• Paid time off
• Paid parental and caregiver leave
• Plus more! See https://www.aheadbenefits.com/ for additional benefits details.