Senior Privileged Access Management Engineer
Listed on 2026-06-22
IT/Tech
Cybersecurity, Systems Engineer, Cloud Computing: Infrastructure & Operations
Senior Privileged Access Management Engineer – Team Lead
We are seeking a highly skilled Senior PAM Engineer to join the Identity and Access Management (IAM) team. This is a hands-on technical leadership role focused on Security, PAM, Automation, and Machine Identity Management.
Overview
This role leads privileged access management and TLS certificate lifecycle activities for Zelis IT systems, with a hybrid work arrangement.
Responsibilities
- Manage and enhance privileged access lifecycle capabilities using CyberArk Privilege Cloud, including credential vaulting, session management, privileged session monitoring, and Just-in-Time (JIT) access.
- Design and implement PAM solutions aligned with security standards, including least privilege enforcement, credential rotation, session isolation, and privileged access workflows across enterprise systems.
- Lead engineering initiatives to integrate PAM controls across infrastructure and applications, including Active Directory, Azure AD, AWS IAM, and cloud-native services.
- Develop and maintain machine identity management solutions using Venafi, including TLS certificate lifecycle management, automation of issuance/renewal, and integration with enterprise platforms and DevOps pipelines.
- Architect and implement automation frameworks to streamline PAM and certificate management processes, improving scalability, auditability, and operational efficiency.
- Analyze and troubleshoot PAM and certificate management system issues, performing root cause analysis and implementing durable solutions.
- Collaborate with infrastructure, security, DevOps, and application teams to onboard systems into CyberArk and Venafi, ensuring consistent policy enforcement.
- Monitor PAM and machine identity platforms for performance, availability, and compliance; lead response efforts for critical incidents involving privileged accounts or certificate outages.
- Provide technical leadership and mentorship to junior engineers, promoting best practices in PAM, automation, and secure design.
- Drive continuous improvement by researching emerging PAM and machine identity trends, including secrets management and cloud-native privilege models.
- Develop and maintain documentation including architecture diagrams, onboarding guides, SOPs, and knowledge base articles for PAM and certificate management operations.
- Proven experience implementing and managing CyberArk Privilege Cloud in an enterprise environment, including vaulting, CPM, PSM, and session management.
- Hands-on experience with Venafi (or similar certificate lifecycle management platforms) for managing TLS/SSL certificates at scale.
- Strong understanding of PAM principles, including least privilege, credential management, session monitoring, JIT access, and privileged threat mitigation.
- Experience in hybrid environments with Active Directory, Azure AD, and AWS IAM.
- Proficiency in scripting and automation (e.g., PowerShell, Python) and experience with automation platforms (e.g., Azure Automation, AWS Lambda, CI/CD pipelines).
- Familiarity with authentication and authorization mechanisms (Kerberos, LDAP, SAML, OAuth, OpenID Connect, and secrets/token-based auth).
- Experience integrating PAM solutions with enterprise systems using REST APIs, secure authentication methods, and service accounts.
- Strong understanding of TLS/SSL, PKI concepts, certificate authorities, and cryptographic standards.
- Excellent communication and collaboration skills to work across technical and business teams.
- Ability to lead technical initiatives and deliver results without direct managerial authority.
- CyberArk certifications (e.g., CyberArk Defender, Sentry, or Guardian).
- Experience with DevOps and secrets management tools (e.g., HashiCorp Vault, Kubernetes secrets, Azure Key Vault, AWS Secrets Manager).
- Familiarity with compliance frameworks (SOX, HIPAA, PCI-DSS, NIST).
- Experience with cloud-native PAM capabilities (Azure PIM, AWS IAM Access Analyzer).
- Knowledge of containerized and microservices environments and their impact on privileged access and certificate management.
Please note: we are unable to proceed with candidates who require visa sponsorship now or in the future.
Location and Workplace Flexibility
We have offices in Atlanta, GA; Boston, MA; Morristown, NJ; Plano, TX; St. Louis, MO; St. Petersburg, FL; and Hyderabad, India. We foster a hybrid and remote-friendly culture; work location is based on position needs and determined by the Leadership team. In-office requirements vary by role and team objectives in accordance with Company policies.
We are committed to fair and equitable compensation. Base pay is one part of Total Rewards, which may include discretionary bonuses, commissions, or other incentives depending on the role. Eligible associates receive a comprehensive benefits package including 401k with employer match, flexible PTO, holidays, leaves, life and disability insurance, and medical/dental/vision coverage.
Equal Employment…