Privileged Access Management Engineer

For a full-time 6-month freelancer role for their office in Basel, Switzerland - but work is remote in European Union region
. You need to live in European Union or in Switzerland and have registered your own consultancy company.

We are looking for a Senior Privileged Access Management (PAM) Subject Matter Expert to own, design, and mature PAM capabilities across the organisation.

This role plays a key part in protecting the organisation’s most critical identities (administrative, service, and application accounts) and in embedding PAM as a core enterprise security capability
.

You will act as the technical authority for PAM
, covering architecture, standards, onboarding strategy, and operational governance, while working closely with Cyber Security, Infrastructure, IAM, Cloud, and Application teams
.

• Define, own, and maintain the PAM architecture aligned with enterprise security strategy and Zero Trust principles
• Design and drive PAM roadmaps, standards, and onboarding models
• Lead PAM deployments and onboarding of
  :
  Privileged domain and directory accounts, Service and application accounts, Local administrator and infrastructure accounts, Dev Ops and automation identities
• Design and configure PAM capabilities, including
  :
  Credential vaulting and automatic password rotation, Privileged session brokering and recording, Just-in-Time (JIT) privileged access, Secrets management
• Ensure effective integration with IAM platforms, SIEM solutions, directory services, and cloud environments
• Own PAM tiering models
  , including Tier 0 protections
• Define and enforce PAM policies, procedures, and control frameworks
• Support audits, regulatory inspections, and internal controls testing
• Lead risk assessments related to privileged access and remediation activities
• Establish operational models
  , runbooks, SOPs, and service KPIs
• Support incident response related to privileged access compromise
• Act as a technical advisor to security leadership and key stakeholders
• Provide training, guidance, and knowledge transfer to internal teams
• Support vendor selection, evaluation, and platform optimisation

• Proven experience as a PAM Engineer, Architect, or Subject Matter Expert in large or complex environments
• Strong hands-on expertise with at least one enterprise PAM solution
  , such as:
  Cyber Ark, Delinea, Beyond Trust, One Identity, or Hashi Corp Vault
• Solid experience integrating PAM with
  :
  Active Directory / Entra , Windows, Linux, and Unix environments
• Good understanding of
  :
  Identity and access security controls, Networking, certificates, and authentication mechanisms, SIEM integration and security alerting
• Experience designing and enforcing Tier 0 / Tier 1 identity security controls
• Background working in regulated industries (e.g. finance, healthcare, life sciences, manufacturing)
• Strong communication skills with the ability to translate technical security concepts into business risk
• Structured, autonomous, and delivery-focused mindset
• Relevant security certifications (CISSP, CISM, CCSP, or vendor-specific certifications) are a plus