Lead Privileged Access Management; PAM Engineer
Listed on 2026-06-21
-
Security
Cybersecurity
As a Senior / Lead Engineer in the CISO organization, you will serve as a technical authority for DTCC’s Privileged Access Management (PAM) platforms. You will design, build, and operate highly available, secure PAM services across hybrid environments, ensuring privileged access is controlled, observable, and resilient.
Compensation and Benefits- Competitive compensation, including base pay and annual incentive pay.
- Comprehensive health and life insurance and well‑being benefits, based on location.
- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well‑being.
- DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
- Design and evolve the PAM platform architecture with a focus on scalability, resilience (HA/DR), and security‑by‑design.
- Drive platform maturity:
Implement sophisticated capabilities (JIT access, session recording, credential vaulting, API integrations) and standardize onboarding of new systems. Implement and maintain end‑to‑end observability for PAM platforms using monitoring, logging, and alerting tools (e.g., Splunk, Prometheus, Grafana, or equivalent). - Governance & compliance:
Establish policies for privileged account lifecycle, enforce password complexity and rotation, and ensure audit readiness for SOX, PCI, and internal controls. - Automation & integration:
Embed PAM into CI/CD pipelines and workflows; develop scripts and connectors for automated provisioning and session management. - Operational excellence:
Monitor PAM performance, lead incident response for privileged access breaches, and conduct root‑cause analysis and remediation. - Stakeholder engagement:
Communicate platform health, roadmap, and risk posture to senior leadership; manage vendor relationships and licensing. - Act as a mentor for other engineers—reviewing designs, code, and operational practices.
- Disaster recovery readiness:
Participate in DR exercises and ensure PAM resilience in loss‑of‑region scenarios.
NOTE:
The Primary Responsibilities of this role are not limited to the details above.
- Minimum of 6 years of related experience.
- Bachelor’s degree preferred and/or equivalent experience.
- 6+ years in security/platform engineering or IAM.
- Solid understanding of privileged account lifecycle, credential vaulting, and session management.
- Expertise in automation (Jenkins, Python, Groovy or equivalent) and integration with CI/CD.
- Familiarity with Windows, Unix/Linux, Active Directory, and hybrid cloud environments.
- Understanding of regulatory compliance and audit processes in financial or highly regulated industries.
- Experience implementing and managing Bravura PAM or similar enterprise PAM solutions (e.g., Cyber Ark).
- Experience with Zero Trust architectures, API‑based integrations, and sophisticated PAM features (JIT, ephemeral credentials).
- Familiarity with cloud, Kubernetes, Open Shift platform and PAM integration patterns.
- Knowledge of risk frameworks and evidence automation.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.
Please contact us to request accommodation.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).