PAM Lead Engineer

The position is described below. If you want to apply, click the Apply button at the top or bottom of this page. You'll be required to create an account or sign in to an existing one.

If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).

Regular or Temporary:

Regular

Language Fluency:  English (Required)

Work Shift:

1st Shift (United States of America)

Please review the following job description:

The Privileged Access Management (PAM) Lead Engineer is responsible for the design, implementation, and oversight of the organization’s privileged access management program, ensuring protection and proper management of sensitive accounts and credentials. Collaborates cross-functionally to manage tools, develop/enhance policies, and respond to privileged access security incidents. Serves as subject matter expert and mentor for privileged access management best practices.

KEY RESPONSIBILITIES

Following is a summary of the essential functions for this job.  Other duties may be performed, both major and minor, which are not mentioned below.  Specific activities may change from time to time. 

• Develop and implement strategies, policies, and controls to reduce privileged access and streamline the management of privileged entitlements, including hardening PAM policies to ensure robust controls for critical applications supporting a least privilege model. Track reduction in privileged account incidents and regularly report on improvements in access review completion times to demonstrate measurable progress.
• Assess privileged access risks and recommend solutions in partnership with IT, security, and business teams, incorporating Zero Trust framework principles and enforcing least privilege access policies to minimize risk and ensure robust protection of critical assets. Measure compliance rates against audit requirements and report on mitigation effectiveness to ensure accountability.
• Lead roadmap development and continuous improvement of PAM frameworks. Design, implement, and manage PAM solutions to safeguard critical systems and data, with regular tracking and reporting on the adoption and effectiveness of new PAM features and controls.
• Lead integration of PAM tools with IAM platforms and relevant enterprise applications, measuring successful integration milestones and tracking reductions in access-related incidents post-implementation.
• In partnership with IT, define and implement Just-in-Time (JIT) and Role-Based Access Control (RBAC) models related to privileged access and entitlements leveraging IAM automation framework. Monitor and report on the reduction of unnecessary entitlements. 
• Act as a Subject Matter Expert (SME) and technical lead for PAM initiatives. Provide expert guidance, training, and support for technical teams and end users regarding privileged access and evaluate the effectiveness of training programs through feedback and improvement in compliance metrics.
• Align PAM architecture and processes with regulatory frameworks (CFIUS, SOX, HIPAA, GDPR, PCI). Perform regular access reviews of privileged accounts, permissions, and entitlements across environments. Measure and report on access review completion rates and compliance with Cyber policies and audit requirements.
• Monitor, audit, and report on privileged account activities for compliance and anomaly detection. Define and implement proactive and/or automated controls when possible and regularly share metrics on detection rates and remediation times.
• Respond to and investigate privileged account security incidents, drive root cause analysis and remediation, and track incident response times and reductions in repeat incidents to demonstrate ongoing improvement.
• Develop/enhance, document, and enforce privileged account operational lifecycle policies, standards, and procedures, measuring adherence rates and reporting on policy update frequency to ensure continual alignment with organizational needs.
• Stay informed on emerging PAM trends, threats, and technologies; implement improvements accordingly and communicate the impact of these enhancements via quarterly progress reports.
• Mentor and lead PAM engineers in project and daily operations, monitoring skill development and project success rates to ensure effective team growth and operational excellence.
• Continue to maintain a comprehensive approach to privileged access management by regularly reviewing and updating responsibilities to reflect changes in technology, regulations, and organizational needs, and report annually on these updates and their impact on PAM program effectiveness.

EDUCATION AND EXPERIENCE

The requirements listed below are representative of the knowledge, skill and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience is required.
• 5+ years of experience in identity and access management, with a strong emphasis on privileged access and PAM solutions is required.

CERTIFICATIONS, LICENSES, REGISTRATIONS

• Relevant certifications (CISSP, CISM, vendor-specific PAM) preferred.

FUNCTIONAL SKILLS

• Expertise with PAM tools (e.g., CyberArk, Azure PIM (APIM)) and IAM platform integration.
• Solid foundation in authentication, authorization, and access control concepts.
• Demonstrated experience leading process re-engineering initiatives for PAM operations, implementing automation solutions, and driving data-driven risk remediation across enterprise environments.
• Advanced scripting/automation experience for PAM operations using PowerShell, Python, or similar tools such as Ansible or Bash.
• Ability to identify and assess privileged access and entitlement risks, and to define and implement effective mitigation strategies.
• Experience with regulatory standards (SOX, PCI-DSS, HIPAA) and compliance requirements.
• Strong analytical, problem-solving, and communication skills.
• Knowledge of securing privileged access in cloud and hybrid/multi-cloud environments.
• Demonstrated leadership in managing cross-functional teams and successful delivery of cloud security projects (e.g., overseeing cloud migration initiatives, coordinating with stakeholders across IT and business units, or implementing security automation in multi-cloud environments).
• Ability to operate effectively in a dynamic, fast-paced environment.
• May require on-call availability and participation in incident response outside regular hours.
• Works closely with IT Security, Infrastructure, and Application teams to ensure privileged access security and compliance across the organization.

General Description of Available Benefits for Eligible Employees of CRC Group: At CRC Group, we're committed to supporting every aspect of teammates' well-being – physical, emotional, financial, social, and professional. Our best-in-class benefits program is designed to care for the whole you, offering a wide range of coverage and support. Eligible full-time teammates enjoy access to medical, dental, vision, life, disability, and AD&D insurance; tax-advantaged savings accounts; and a 401(k) plan with company match. CRC Group also offers generous paid time off programs, including company holidays, vacation and sick days, new parent leave, and more. Eligible positions may also qualify for restricted stock units and/or a deferred compensation plan.

CRC Group supports a diverse workforce and is an Equal Opportunity Employer that does not discriminate against individuals on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. CRC Group is a Drug Free Workplace.

EEO is the Law   Pay Transparency Nondiscrimination Provision   E-Verify