Privileged Access Management Engineer

Overview

Cognizant’s Cloud Infrastructure & Security Services Practice (CIS) is all about embracing digital transformation by driving core modernization holistically across layers. We help customers transform infrastructure and workplace to meet the rapidly evolving needs of the digital era. Our holistic approach delivers key results for our customers by achieving cloud driven modernization and workplace and operational transformation to run the business in a secure environment.

This role is responsible for managing and optimizing our cloud security tooling and ensuring robust cloud security operations across IaaS, PaaS, and SaaS environments. The role will involve triaging and managing cloud security issues alongside providing expert consultancy to the business on cloud security risks and driving remediation efforts. Additionally, this role involves developing automation scripts, generating actionable security reports, and enabling data-driven insights through analytics and BI tools.

Please note, this role is not able to offer visa transfer or sponsorship now or in the future.

• Beyond Trust Password Safe (PWS):
  Administer managed accounts/systems, asset discovery, smart rules, password rotation, and check-in/check-out workflows for privileged credentials (service/functional/local admin/app accounts).
• PWS Governance & Control:
  Configure access approvals (request/release), ISA/user permissions, delegation models, dual control/password randomization, and auditing/reporting/alerting.
• PWS Operations:
  Troubleshoot rotation failures, account lockouts, and credential sync issues; enable/maintain API-based integrations for automated credential retrieval.
• Beyond Trust Privileged Remote Access (PRA):
  Administer PRA appliances (site/gateway policies), jump technology (jump clients/points), and protocol tunneling (RDP/SSH/VNC/HTTPS/Telnet).
• Session Security & Monitoring:
  Implement RBAC/smart groups, session recording, command/keystroke logging, and vendor/JIT access workflows with time-bound controls.
• Platform Integrations:
  Maintain PRA↔PWS session injection; integrate with ticketing (e.g., Service Now/Jira), CMDB, and enterprise authentication (LDAP/RADIUS/SAML/OIDC).
• Hashi Corp Vault:
  Administer secrets engines, auth methods, policies/name spaces, dynamic secrets (DB/cloud/SSH/apps), transit encryption, leases, and agent-based injection.
• Resilience & Platform Engineering:
  Deliver HA/clustering, DR/backup, upgrades/patching, performance tuning, certificate (TLS) management, storage/seal/unseal procedures, and technology refresh/migrations.
• Automation & Scripting:
  Build/maintain Power Shell + Python automation using REST APIs/SDKs; implement Git-based version control, documentation, health checks, and automated reporting/metrics.
• Security & Compliance:
  Enforce least privilege/zero trust; support audits (SOX/PCI/ISO/NIST, etc.), access reviews, SIEM/syslog logging, incident response, and continuous control improvement.

• Hands-on experience with Beyond Trust PWS, Beyond Trust PRA, and Hashi Corp Vault
• Strong troubleshooting and enterprise integration experience.

#LI-EF1

#CB

#Ind
123

Applications will be accepted until 12 Feb 2026.

The annual salary for this position is between $114, depending on experience and other qualifications of the successful candidate.

This position is also eligible for Cognizant’s discretionary annual incentive program, based on performance and subject to the terms of Cognizant’s applicable plans.

• Medical/Dental/Vision/Life Insurance
• Paid holidays plus Paid Time Off
• 401(k) plan and contributions
• Long-term/Short-term Disability
• Paid Parental Leave
• Employee Stock Purchase Plan