Senior Privileged Access Management Engineer

At Zelis, we Get Stuff Done. So, let’s get to it!

Zelis is modernizing the healthcare financial experience across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts – driving real, measurable results for clients.

You bring a unique blend of personality and professional expertise to your work, inspiring others with your passion and dedication. Your career is a testament to your diverse experiences, community involvement, and the valuable lessons you've learned along the way. You are more than just your resume; you are a reflection of your achievements, the knowledge you've gained, and the personal interests that shape who you are.

Leads privileged access management and TLS certificate lifecycle activities for Zelis IT systems

Senior Privileged Access Management (PAM) Engineer – Team Lead

We are seeking a highly skilled and motivated Senior PAM Engineer – Team Lead to join the Identity and Access Management (IAM) team. This is a hands‑on technical leadership role, ideal for someone who thrives in dynamic environments and is passionate about Security, PAM, Automation, and Machine Identity Management.

This role will focus on Cyber Ark Privilege Cloud and Venafi TLS certificate management, supporting a hybrid enterprise environment spanning Active Directory, Azure, and AWS.

• Manage and enhance privileged access lifecycle capabilities using Cyber Ark Privilege Cloud, including credential vaulting, session management, privileged session monitoring, and Just-in-Time (JIT) access.
• Design and implement PAM solutions aligned with organizational security standards, including least privilege enforcement, credential rotation, session isolation, and privileged access workflows across enterprise systems.
• Lead engineering initiatives to integrate PAM controls across infrastructure and applications, including Active Directory, Azure AD, AWS IAM, and cloud-native services.
• Develop and maintain machine identity management solutions using Venafi, including TLS certificate lifecycle management, automation of certificate issuance/renewal, and integration with enterprise platforms and Dev Ops pipelines.
• Architect and implement automation frameworks and accelerators to streamline PAM and certificate management processes, improving scalability, auditability, and operational efficiency.
• Analyze and troubleshoot PAM and certificate management system issues, conducting root cause analysis and implementing durable solutions to improve system reliability and security posture.
• Collaborate with infrastructure, security, Dev Ops, and application teams to onboard systems into Cyber Ark and Venafi, ensuring consistent enforcement of privileged access and certificate policies.
• Monitor PAM and machine identity platforms to ensure performance, availability, and compliance with organizational policies and SOPs. Lead response efforts for critical incidents involving privileged accounts or certificate outages.
• Provide technical leadership and mentorship to junior engineers, promoting best practices in PAM, automation, and secure design.
• Drive continuous improvement by researching emerging PAM and machine identity trends, including secrets management, workload identity, and cloud-native privilege models.
• Develop and maintain documentation including architecture diagrams, onboarding guides, SOPs, and knowledge base articles for PAM and certificate management operations.

• Proven experience implementing and managing Cyber Ark Privilege Cloud in an enterprise environment, including vaulting, CPM, PSM, and session management.
• Hands‑on experience with Venafi (or similar certificate lifecycle management platforms) for managing TLS/SSL certificates at scale.
• Strong understanding of PAM principles, including least privilege, credential management, session…