About The Position

The PAM Engineer will support USCIS privileged access management modernization, CyberArk/vaulting, secrets management, privileged session controls, least privilege, Zero Trust, just-in-time access, privileged account discovery, and privileged access governance across cloud, hybrid, and on-prem environments. This role requires hands-on privileged access experience, preferably with CyberArk and federal enterprise environments.

Requirements

  • Experience implementing or operating PAM solutions.
  • Experience with privileged accounts, privileged session management, secrets management, and credential vaulting.
  • Experience with CyberArk or comparable PAM platform.
  • Experience with least privilege, privileged account discovery, account ownership, and lifecycle governance.
  • Ability to support cloud, hybrid, and on-prem privileged access use cases.
  • Ability to obtain favorable EOD / suitability and maintain required USCIS access.
  • U.S. citizenship likely required for DHS IT access unless waiver is granted — confirm before final posting.

Nice To Haves

  • CyberArk PAS Vault experience.
  • Experience supporting PAM adoption across many application teams.
  • Experience with PIV SSO for privileged access.
  • Experience with AD tiering, LDAP, CDM, STIGs, hardened containers, and FISMA dashboards.
  • Experience supporting DevOps secrets management and container platform integrations.
  • Prior DHS, USCIS, or federal Zero Trust/PAM experience.

Responsibilities

  • Implement and support NIST-aligned least privilege practices.
  • Support Just-in-Time provisioning for privileged access.
  • Support privileged session management, privilege elevation, delegation management, and lifecycle management.
  • Support enterprise secrets management use cases and integration with back-end vault platforms.
  • Discover, classify, manage, and govern privileged accounts across systems and applications.
  • Identify owners and usage patterns for privileged human and non-human accounts.
  • Implement RBAC and ABAC for privileged accounts.
  • Support PIV-based SSO for privileged access to prevent credential exposure.
  • Register applications for PAM across multiple environments.
  • Randomize, manage, and vault passwords, keys, and other credentials for administrative, service, and application accounts.
  • Broker credentials to applications, databases, services, network devices, operating systems, and other systems.
  • Coordinate vulnerability remediation with security teams.
  • Support STIG configurations and hardened container images.
  • Monitor, record, audit, and analyze privileged sessions and actions.
  • Develop security audit dashboards and support FISMA/compliance data pulls.
  • Support Active Directory tiering and permission improvements.

Benefits

  • great benefits package
  • excellent training and career development opportunities
  • flexible work schedules
  • generous compensation package
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service