Privileged Access Management (PAM) Engineer

Position Overview

We are growing!  GuidePoint Security is hiring a PAM Engineer to join our implementation team on a full-time basis.  This is a fully remote role where we are looking for relevant experience with Delinea/Thycotic CyberArk or BeyondTrust.

The Privileged Access Management (PAM) Engineer is responsible for designing deploying administering and optimizing enterprise-grade PAM solutions with a primary focus on Delinea Secret Server CyberArk Privileged Cloud and modern PAM practices. This role ensures secure management of privileged accounts service accounts credentials secrets and high-risk access workflows across the organization. The engineer will work closely with security infrastructure DevOps and application teams to implement and maintain advanced PAM controls and best practices.

Key Responsibilities

• Deploy configure manage and support Delinea Secret Server (On-Prem/Cloud) and CyberArk Privileged-Cloud environments.

• Manage vaulting onboarding and lifecycle governance for privileged shared and service accounts.

• Maintain password rotation policies session management access workflows and security controls.

• Implement and oversee privileged session monitoring session recording and behavioral alerts.

• Ensure adherence to least-privilege and Zero-Trust principles for all privileged identities.

Modern PAM & Non-Human Identity Management (NHIM)

• Support modern PAM capabilities such as:

  • Just-in-Time (JIT) privilege elevation

  • Ephemeral and dynamic credentials

  • Secrets management APIs / integrations

  • Cloud-native privileged access management

  • Credential discovery scanning and risk classification

  • Hybrid identity governance for machine accounts

• Assist in building automated credential workflows for CI/CD pipelines and DevOps systems.

Technical Implementation & Engineering

• Integrate PAM platforms with AD/LDAP Azure AD SSO/IDP SIEM MFA ticketing systems and cloud services (AWS/Azure/GCP).

• Onboard new systems servers applications databases and network devices to Delinea and CyberArk.

• Configure connectors distributed engines secrets management API endpoints and credential plugins.

• Develop automation for onboarding rotation and monitoring using PowerShell Python or REST APIs.

Minimum Qualifications

• Bachelor’s degree in Computer Science Information Security or related field — or equivalent work experience.

• 3-5+ years of experience in Privileged Access Management engineering or Consulting

• Hands-on experience with Delinea Secret Server (on-prem or cloud) including password rotation connectors RBAC and auditing.

• Experience in implementing CyberArk Privileged Cloud (or CyberArk CorePAS)

• Strong understanding of privileged account governance password rotation service account automation and session management.

• Experience with Windows/Linux server administration and Active Directory.

• Familiarity with scripting (PowerShell Python) and REST APIs.

• Knowledge of common security frameworks and access control principles.

Preferred Qualifications

• 3-5 years of IT Professional services and consulting experience

• Professional certifications such as:

  • Delinea Certified Engineer

  • CyberArk Defender / CyberArk Sentry / Guardian

  • CISSP CISM Security+ CCSP or similar

• Exposure to modern PAM capabilities:

  • Ephemeral access

  • Credential-less access

  • Cloud secrets management

  • Certificate lifecycle management

• Experience integrating PAM with DevOps pipelines (Jenkins GitHub Azure DevOps GitLab).

• Background in cloud security for AWS Azure and/or GCP.

• Experience in NHIM/Machine Identity Governance tools.

• Ability to design PAM architectures and drive enterprise-wide PAM programs.

The Team

Coming to the PAM team means working on the leading edge in the PAM space. As a PAM Engineer you will be partnering with other engineers and architects to help some of the largest companies in the US implement their own PAM programs. From participating in assessments to full delivery of a PAM platform you can expect to be involved at all levels of interaction with our customers. Your leadership and expertise are critical to providing our customers with the guidance they need and the excellence they expect from GuidePoint Security.

We partner with the largest vendors in the space to ensure that the latest training is always available to our team. High level communication and collaboration are the standard. Mentorship at all levels from Senior Architects to Junior Engineers is foundational to our culture. We don’t just talk about work life balance; we facilitate it with a flexible time off (FTO) benefit.

We understand that in order to retain our talented team leadership must provide regular feedback and coaching. We recruit new members to the team with the understanding that opportunities for growth are important. Whether your goals include future leadership opportunities becoming an Architect or even moving to another discipline within security in time the leadership team is focused on partnering with you to help achieve them.