Lead Pam Engineer

Overview

Job Title:

Lead PAM (Privileged Access Management) Engineer

Location:

Bury

Job Type: Full-Time

Job Description:

We are seeking a skilled and experienced Privileged Access Management (PAM) Engineer to deliver best-in-class design, implementation and management of our PAM solutions in a large-scale, fast-paced retail environment. You will be joining the Identity & Access Management (IAM) team reporting to the Head of IAM, all of which is part of our growing Information Security function. This role requires deep Cyber Ark expertise (both on-prem and cloud), strong operational knowledge and the ability to work effectively across security, infrastructure and Dev Ops teams.

• Design, deploy and manage Cyber Ark Privilege Cloud, including secure onboarding of privileged accounts, credential rotation policies and session monitoring.
• Support hybrid environments by integrating Privilege Cloud with on-prem infrastructure and identity sources (e.g. Active Directory)
• Collaborate with internal colleagues and teams to maintain optimal configuration, availability and performance.
• Engineering, support and maintenance of other Cyber Ark components such as PSM, CPMs, HTML5 gateways and PTA in hybrid and legacy environments.
• Implement PAM controls in alignment with internal security standards, and data protection policies relevant to the retail sector
• Participate in security reviews and support audit-related activities related to privileged account governance
• Leverage Cyber Ark REST APIs and other automation frameworks to enable automated onboarding, reporting and policy enforcement
• Provide integration support across ITSM ticket systems, SIEMs and CI/CD pipelines to ensure secure Dev Ops practices.
• Perform regular health checks, maintenance and upgrades, and incident resolution for Cyber Ark platforms
• Provide level 2/3 support for Cyber Ark-related issues and respond to alerts generated by Privilege Cloud, or threat analytics tools.
• Document architecture, procedures and incident response playbooks.
• Work with Technology, Security and Application teams to understand privileged access needs across the organisation’s systems and cloud environments
• Educate internal teams on best practices for using Cyber Ark Privilege Cloud securely and efficiently.

• Proven hands-on experience with Cyber Ark in hybrid environments
• Demonstrable experience of having performed the role of PAM Engineer
• Solid understanding of Active Directory, Windows/Linux systems, and cloud platforms (AWS, Azure, GCP)
• Experience with automation/scripting (Powershell, Ansible, Python) and Cyber Ark’s REST APIs
• Excellent problem-solving skills and attention to detail
• Strong written and verbal communication and collaboration skills
• Detail-oriented with a strong security mindset and ability to think proactively.

• Hands-on experience with Cyber Ark Conjur or Cyber Ark Secrets Manager (or similar Secrets Management solutions, e.g. Hashicorp Vault)

• Cyber Ark Certified Defender (or better)
• Security certifications such as CISSP, CISM or CCSP are a plus.
• Knowledge of security frameworks, regulatory requirements and compliance standards (e.g. NIST, PCI DSS, GDPR).