PAM Multiple Position Full Time

PAM : Remote Multiple Positions

PAM Engineer – JD

Delinea Platform Management:= Delinea Cloud, Strong development and scripting skills (PowerShell, Python) for automation and integration, skills in platforms like GCP Azure Logic Apps, AWS and/or Entra , can be useful as an integration broker, especially for complex, multi-step processes, Install, configure, and maintain new modules in Delinea platform (Secret Server, Privilege Manager, Session Manager, Secure Remote Access), Develop and maintain integrations between Delinea and other enterprise systems (e.g., SailPoint for IGA, ServiceNow for ticketing, Splunk for SIEM) using APIs and PowerShell/Python script

2.

Job Title: Senior IAM/PAM Engineer (Lead Role) – JD

Role Overview:

The Senior IAM/PAM Engineer serves as the technical lead and subject matter expert for both Privileged Access Management (PAM) and Identity Governance & Administration (IGA). This role provides technical leadership, drives architecture decisions, and leads hands-on implementation, configuration, and automation for the Delinea PAM suite and SailPoint ISC. The engineer will bridge the gap between privileged access and identity governance, ensuring a unified, automated, and secure environment. This role is critical to program success, requiring the ability to mentor junior engineers, lead technical workstreams, and translate business requirements into scalable solutions across both platforms.

Key Responsibilities:

Leadership & Strategy:

Provide technical leadership and mentorship to engineering teams on PAM and IGA best practices.

Lead the design, and integration strategy between Delinea and SailPoint ISC.

Drive continuous improvement initiatives, including lifecycle management, role mining, and access governance.

Act as the escalation point (Tier 3/4) for complex, cross-platform IAM/PAM issues.

Platform Management (Delinea):

Lead the installation, configuration, and maintenance of the full Delinea platform (Secret Server, Privilege Manager, Session Manager, Secure Remote Access).

Drive the onboarding of privileged accounts, service accounts, and API keys with automated password rotation.

Architect and manage access controls, folders, secret templates, and session monitoring (RDP, SSH, web).

Identity Governance (SailPoint ISC):

Lead the configuration and management of SailPoint ISC, including identity lifecycle, access requests, certifications, and role management.

Design and implement complex SailPoint workflows, rules, and transforms.

Manage source integrations (Active Directory, HR systems, cloud apps) and ensure authoritative source alignment.

Integration & Automation:

Architect and maintain bi-directional integrations between Delinea and SailPoint ISC (e.g., automated access granting/revoking, privileged account governance, emergency access workflows).

Develop advanced automation scripts (PowerShell, Python, SailPoint APIs, Delinea SDK) to orchestrate IAM/PAM processes.

Integrate both platforms with enterprise systems (ServiceNow, Splunk, SIEM, SOAR).

Required Skills & Qualifications:

Leadership: 5+ years of combined IAM/PAM experience, including leading technical workstreams, mentoring peers, and driving architectural decisions.

Delinea Expertise (3+ years hands-on): Deep knowledge of Secret Server architecture, Distributed Engine, secret templates, access policies, session management, and API integrations.

SailPoint ISC Expertise (2+ years hands-on): Deep knowledge of identity lifecycle, provisioning, role-based access control (RBAC), access certifications, and native SailPoint ISC workflows.

Integration Mastery: Proven experience integrating Delinea with SailPoint ISC (using REST APIs, OAuth clients, or custom connectors).

Scripting & Automation: Advanced PowerShell and Python skills for automation, including using PowerShell SDK from both vendors.

Core IAM/PAM Concepts: Privileged vaulting, session management, least privilege, SSO, provisioning, governance, RBAC, SOD (segregation of duties), and certification processes.

Infrastructure & Security: Strong Windows/Linux security, AD/LDAP, DNS, firewalls, OAuth 2.0/OIDC, and token management.

Desirable Skills (Strongly Preferred):

Experience with Delinea AI/PAM-I (risk scores, anomaly detection).

Knowledge of low-code integration brokers (Azure Logic Apps, Power Automate, AWS Step Functions).

Familiarity with SCIM, Graph API, or Event Hub integrations.

IAM certifications (e.g., CIAM, CISSP) or vendor-specific (Delinea Certified Engineer, SailPoint Certified Engineer/Architect).

3.

Job Title: PAM GRC & Business Analyst (Delinea Focus)

Experience Level: Mid-to-Senior Level (5–8+ years)

Role Type: Hybrid (Governance, Risk, Compliance + Business Analysis)

Role Overview

We are seeking a dual-hat PAM GRC & Business Analyst to bridge the gap between privileged access governance, risk management, and technical implementation. This role is responsible for ensuring the Delinea PAM solution (Secret Server, Endpoint Privilege Management) aligns with security policies, regulatory standards, and business needs.

You will serve as both a GRC advisor (audit, policy, risk assessment) and a Business Analyst (requirements gathering, process mapping, user stories). This position is ideal for a professional who understands both why privileged access must be governed and how to translate those needs into actionable technical requirements for the Delinea platform.

Key Responsibilities

Governance, Risk & Compliance (GRC) Component

Policy & Framework Alignment: Enforce privileged access policies and implementation in line with NIST 800-53, ISO 27001, SOX, PCI-DSS, and HIPAA. Ensure Delinea configurations adhere to least privilege, Just-In-Time (JIT) access, and separation of duties.

Risk Assessments: Perform periodic risk and maturity assessments specific to privileged accounts, identifying gaps in secret management, session recording, and access approvals.

Audit & Evidence Management: Support internal and external audits by preparing compliance evidence, reviewing privileged access logs, and generating audit-ready reports from Delinea Secret Server.

Vendor Risk: Assess third-party integrations with Delinea for security compliance.

Metrics & Reporting: Define and monitor KPIs/KRIs (e.g., orphaned secrets, unapproved access requests, overdue access reviews). Maintain a risk register and controls catalog.

Business Analysis Component

Requirements Gathering: Elicit, document, and prioritize business and technical requirements for Delinea implementations from stakeholders (app owners, IT ops, audit, security engineering).

Process Improvement: Conduct gap analysis of current privileged access request/approval workflows. Recommend automation, role-based access models, and onboarding optimizations.

User Stories & Documentation: Translate requirements into clear user stories, acceptance criteria, and process flows using Agile tools (JIRA, Confluence).

Data Analysis: Analyze privileged account data to identify stale, excessive, or orphaned accounts. Assist in cleansing and classifying accounts for migration into Delinea Secret Server.

Testing & Validation: Support UAT (User Acceptance Testing) for new Delinea features, upgrades, or integrations. Validate that technical changes meet both compliance and operational needs.

Combined (Bridge) Responsibilities

Policy-to-Requirement Translation: Convert GRC policy mandates (e.g., “all privileged sessions must be recorded and reviewed”) into actionable BA deliverables (e.g., “Delinea session recording must be enabled for all domain admin accounts, with retention set to 90 days”).

Stakeholder Facilitation: Lead workshops that bring together audit, security, engineering, and business teams to align on privileged access governance and implementation roadmaps.

Remediation Planning: Identify compliance gaps from audits and work with engineering to produce remediating requirements.

Required Qualifications

Education & Experience

5+ years of combined experience in Information Security (GRC) and Business Analysis (or equivalent roles such as IAM Analyst, Security Compliance Analyst, Technical BA).

Proven experience with Delinea (Thycotic/Centrify) Secret Server and Endpoint Privilege Management (EPM) — mandatory.