IT Engineer, Privileged Access Management (PAM)

About The Position

Requirements

• Hands‑on experience with Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access, and Microsoft Defender products
• Strong understanding of privileged access models, least‑privilege principles, and Zero Trust security architecture
• Experience managing identities and access within Microsoft 365 and Azure environments
• Experience with Windows platforms, Active Directory, and authentication/authorization concepts
• Scripting or automation experience (PowerShell preferred)
• Familiarity with SIEM/XDR platforms (Microsoft Sentinel and Defender XDR preferred)
• Technical documentation and runbook development skills
• Strong communication skills with the ability to explain technical concepts to non‑technical audiences
• Proven ability to collaborate across security, IT, and business teams
• Strong analytical, troubleshooting, and problem‑solving skills
• Ability to operate effectively in fast‑paced and regulated environments
• Continuous‑learning mindset with adaptability to evolving security technologies
• Bachelor’s degree in computer science, Information Technology, or a related field preferred
• 3+ years of experience in Microsoft Windows and Microsoft 365 environments with direct responsibility for identity or security controls
• 2+ years of hands‑on experience with Microsoft Azure, Entra ID, Defender, and Purview portals
• Experience supporting hybrid (cloud and on‑premises) environments
• Experience with application authentication (IdP) and authorization (IdM) concepts
• Experience working across multiple concurrent projects in a dynamic environment

Nice To Haves

• Microsoft Certified: Identity and Access Administrator Associate
• Microsoft Certified: Security Operations Analyst Associate
• CISSP or equivalent security certification
• Additional Microsoft Security certifications
• Experience with IAM, Active Directory, Windows Server, SQL Server, or networking fundamentals (DNS, DHCP, LAN/WAN)

Responsibilities

• Design, implement, and maintain PAM solutions across cloud and hybrid environments using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access, and related Microsoft security tooling
• Onboard and manage privileged user, service, and application accounts, including credential vaulting, rotation, and lifecycle management
• Configure and maintain Just‑In‑Time (JIT) access and privileged role workflows
• Ensure all in‑scope systems, applications, vendors, and integrations are protected by PAM controls
• Ensure availability, reliability, and security of PAM platforms and services
• Monitor PAM‑related alerts and logs using Microsoft Sentinel and Defender XDR
• Support investigation and response to incidents involving privileged account misuse or compromise
• Collaborate with Security Operations and MSSPs to enhance PAM monitoring and detection use cases
• Support periodic access reviews and privileged role attestations
• Maintain PAM documentation, standards, runbooks, and operational procedures
• Provide input to security policies, standards, and annual review processes under the guidance of IT and Security leadership
• Support audits and compliance reporting related to privileged access
• Integrate PAM controls with IAM, endpoint, cloud, SIEM, and application platforms
• Partner with application owners and business stakeholders to define privileged access roles and requirements
• Provide technical guidance and training to stakeholders on PAM processes and best practices
• Develop automation and scripting for PAM account management, reporting, and operational efficiency
• Track PAM KPIs and apply metric driven improvements to reduce risk and operational friction
• Evaluate emerging Microsoft security features and recommend roadmap enhancements