Senior Engineer - Privileged Access Management
Listed on 2026-06-18
IT/Tech
Cybersecurity, Systems Engineer, IT Support, Cloud Computing: Infrastructure & Operations
AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.
At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.
We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.
We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.
AHEAD is searching for a Senior Privileged Access Management (PAM) Engineer to be a part of our Managed Services team. This individual will lead the design, implementation, and ongoing operations of multi-tenant PAM solutions for our MSP customers, with a primary focus on the BeyondTrust platform.
The Senior PAM Engineer will architect secure privileged access workflows, implement enterprise-grade BeyondTrust capabilities (such as password vaulting, session management, and least-privilege endpoint controls), integrate PAM with customer identity and ITSM platforms, and serve as the subject matter expert for privileged access across our managed services portfolio.
This role requires deep technical expertise in PAM concepts and BeyondTrust technologies, strong security and infrastructure fundamentals, and the ability to lead cross-functional initiatives with customers and internal teams. The ideal candidate will have extensive experience designing and operating PAM solutions in multi-customer environments, strong scripting and automation skills, and a consulting mindset suited to Managed Services delivery.
Duties & Responsibilities
- Lead architecture and design of multi-tenant BeyondTrust PAM services for MSP customers, including onboarding of new tenants and standardization of service offerings.
- Architect secure privileged access workflows for infrastructure, applications, databases, cloud platforms, and network devices, aligned to least-privilege principles and regulatory requirements.
- Implement and maintain BeyondTrust Password Safe and related components, including:
  - Discovery and onboarding of privileged accounts and systems
  - Password rotation policies and check-in/check-out workflows
  - Session brokering, recording, and real-time monitoring
  - Approval workflows and just-in-time (JIT) access
- Implement and maintain BeyondTrust Privilege Management for endpoints and servers (Windows and Linux/Unix), including policy design, deployment, and tuning to minimize user/admin friction while enforcing least privilege.
- Design and maintain highly available and secure BeyondTrust infrastructure, including clustering, scaling, upgrades, patching, and disaster recovery strategies across customer environments.
- Integrate PAM with identity and security platforms, including:
  - Active Directory / Entra / LDAP and other directories for authentication and group-based access
  - MFA/SSO platforms using SAML/OIDC/OAuth2
  - SIEM and logging platforms for monitoring and alerting on privileged activity
  - ServiceNow and other ITSM tools for request, approval, and ticket correlation workflows
- Develop and maintain automation and tooling (e.g., PowerShell, Python, REST APIs) to:
  - Accelerate onboarding and lifecycle management of privileged accounts and systems
  - Enforce configuration standards and policies at scale
  - Generate reports and dashboards for compliance and operational KPIs
- Lead end-to-end customer onboarding to the PAM service, including:
  - Requirements gathering, use case definition, and risk assessment
  - Designing onboarding playbooks and standard reference architectures
  - Coordinating with internal and customer teams to implement and validate PAM controls
- Define and maintain standardized PAM policies and baselines across customer environments, including credential management, access approval patterns, session monitoring, and privileged elevation rules.
- Conduct security and risk assessments of existing privileged access practices, recommend remediation plans, and track execution to closure.
- Serve as subject matter expert and escalation point for PAM-related incidents and service requests, including troubleshooting BeyondTrust platform issues and complex access problems.
- Collaborate with security, infrastructure, network, and application teams (internal and customer) to ensure PAM controls are aligned with broader security architecture and operational requirements.
- Develop and maintain comprehensive documentation, including:
  - Platform architectures and configuration standards
  - Customer-specific runbooks and operational procedures
  - Onboarding and migration playbooks
  - Knowledge base articles and FAQs for internal…