Overview We are seeking an experienced Privileged Access Management (PAM) Subject Matter Expert (SME) to lead the design, implementation, and operational maturity of PAM capabilities across a complex enterprise environment.
This role is responsible for establishing and enforcing robust security controls for privileged identities, ensuring compliance with regulatory and security standards, and embedding PAM as a core enterprise security capability.
The PAM Engineer will act as a technical authority, owning PAM architecture, policies, onboarding standards, and operational governance. The role works closely with Cyber Security, Infrastructure, Identity & Access Management (IAM), and Application teams to drive adoption, standardization, and continuous improvement.
Key Responsibilities Strategy & Architecture Define and maintain the PAM architecture aligned with enterprise security strategy and Zero Trust principles.
Develop and maintain PAM roadmaps, standards, and design patterns.
Ensure effective integration of PAM solutions with IAM, SIEM, directory services, and cloud platforms.
Own PAM tiering models and enforce Tier 0 protections.
Engineering & Implementation Lead PAM deployments and technical onboarding of:
Domain and directory accounts
Service accounts
Local administrator accounts
Application and DevOps identities
Design and configure:
Credential vaulting and automated rotation
Session brokering and session recording
Just-in-Time (JIT) privileged access
Secrets management
Provide technical leadership for PAM upgrades, migrations, and platform consolidation initiatives.
Governance, Risk & Compliance Define and maintain PAM policies, procedures, and control frameworks.
Ensure alignment with relevant security and regulatory standards (e.g. ISO 27001, NIST, CIS Controls, GMP / GxP where applicable).
Support audits, internal control testing, and regulatory inspections.
Own risk assessments related to privileged access and drive remediation plans.
Operations & Continuous Improvement Establish PAM operational models, including runbooks and standard operating procedures (SOPs).
Define service KPIs and performance metrics.
Lead incident response activities related to privileged access compromise.
Drive automation, standardization, and self-service onboarding capabilities.
Stakeholder Engagement Act as a trusted technical advisor to IT Security leadership and programme sponsors.
Collaborate with application owners and infrastructure teams to securely onboard systems.
Provide training, coaching, and knowledge transfer to operational teams.
Support vendor management activities and product evaluations.
Essential Skills & Experience Technical Expertise Strong hands-on expertise with at least one enterprise PAM platform, such as:
CyberArk
Delinea
BeyondTrust
One Identity
HashiCorp Vault
Deep understanding of Active Directory / Entra ID integration.
Experience managing privileged access across Windows, Linux, and Unix environments.
Solid understanding of networking, certificates, and identity-related security controls.
Experience integrating PAM with SIEM platforms and implementing alerting.
Professional Experience Proven experience as a PAM Engineer, Architect, or SME in a large or complex enterprise environment.
Experience designing and implementing Tier 0 / Tier 1 identity security controls.
Experience working in regulated environments (e.g. finance, healthcare, life sciences, manufacturing).
Demonstrated ability to lead technical designs and influence senior stakeholders.
Soft Skills Strong communication and stakeholder management skills.
Ability to translate technical security controls into business risk language.
Structured, analytical problem-solving approach.
Comfortable operating independently and leading workstreams end-to-end.
Desirable Qualifications Security certifications such as: CISSP, CISM, CCSP
Vendor-specific certifications (e.g. CyberArk Defender, Delinea Specialist)
Privileged Access Management Engineer • Valais, Switzerland
#J-18808-Ljbffr