PIM​/PAM Engineer

Capgemini Government Solutions (CGS) LLC is seeking a PIM/PAM Engineer to support mission‑critical government clients. The ideal candidate will collaborate with a high‑performing team, engage with a broad range of stakeholders, and play a key role in expanding CGS capabilities while growing their technical and consulting expertise.

The PIM/PAM Engineer is responsible for the architecture, design, implementation, and administration of enterprise‑level Privileged Identity Management (PIM) and Privileged Access Management (PAM) solutions. This role ensures the secure management of privileged identities within the framework by maintaining a hardened appliance posture and enforcing the principle of least privilege across the enterprise. The candidate is a technical specialist who understands that identity is the new perimeter.

They will act as the primary administrator for our PAM vaulting solutions, working closely with Infrastructure, Dev Ops, and Security Operations teams to integrate vaulting into every layer of our tech stack.

• Design, deploy, configure, and maintain robust PIM/PAM solutions across enterprise, cloud, and hybrid environments.
• Manage the lifecycle of privileged accounts, including automated vaulting, password rotation, privileged session management, and just‑in‑time (JIT) access.
• Integrate PIM/PAM tools with broader identity ecosystems (IdPs, IGA, SIEM, and ticketing systems like Service Now) using APIs and custom scripting.
• Define, implement, and enforce least‑privilege access policies, role‑based access control (RBAC), and attribute‑based access control (ABAC).
• Conduct regular discovery audits to identify unmanaged privileged accounts, service accounts, and secrets, bringing them under centralized management.
• Provide tier‑3 technical support for complex identity infrastructure issues, system upgrades, patches, and disaster recovery drills.
• Support continuous monitoring and audit readiness by generating compliance reports and ensuring adherence to federal and DoD security frameworks.
• Deep understanding of session recording, credential vaulting, secrets management, and delegation of authority.
• Strong foundational knowledge of Windows Active Directory, Linux/Unix administration, Group Policy Objects (GPOs), and basic networking protocols.
• Proficiency in scripting languages (e.g., Power Shell, Python, Bash) for automation and API integrations.

• Ability to obtain and maintain a DoD Secret Clearance. U.S. citizenship is required.
• Bachelor’s degree in computer science, information technology, cybersecurity, or a related technical field.
• 6+ years of progressive IT experience, with 2–3+ years of dedicated experience in Identity and Access Management (IAM), with a strong focus on PIM/PAM engineering highly desired.
• CompTIA Security+ CE (current) is highly desired; must be able to obtain within 3 months of hire.
• Valid U.S. work authorization with no current or future need for visa sponsorship.

Compensation:
Capgemini discloses a salary range for the tagged location of $110k – $135k. The role may also be eligible for variable compensation, bonus, or commission. Full‑time regular employees are eligible for paid time off, medical/dental/vision insurance, 401(k), and other benefits to eligible employees.

Equal Opportunity Employer – Protected Veterans – Individuals with Disabilities. This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the notice from the Department of Labor.