Privileged Access Management Engineer

Cognizant•Somerset, NJ

About The Position

This role is responsible for managing and optimizing our cloud security tooling and ensuring robust cloud security operations across IaaS, PaaS, and SaaS environments. The role will involve triaging and managing cloud security issues alongside providing expert consultancy to the business on cloud security risks and driving remediation efforts. Additionally, this role involves developing automation scripts, generating actionable security reports, and enabling data-driven insights through analytics and BI tools. Please note, this role is not able to offer visa transfer or sponsorship now or in the future

Requirements

Hands-on experience with BeyondTrust PWS, BeyondTrust PRA, and HashiCorp Vault
Strong troubleshooting and enterprise integration experience.

Responsibilities

BeyondTrust Password Safe (PWS): Administer managed accounts/systems, asset discovery, smart rules, password rotation, and check-in/check-out workflows for privileged credentials (service/functional/local admin/app accounts).
PWS Governance & Control: Configure access approvals (request/release), ISA/user permissions, delegation models, dual control/password randomization, and auditing/reporting/alerting.
PWS Operations: Troubleshoot rotation failures, account lockouts, and credential sync issues; enable/maintain API-based integrations for automated credential retrieval.
BeyondTrust Privileged Remote Access (PRA): Administer PRA appliances (site/gateway policies), jump technology (jump clients/points), and protocol tunneling (RDP/SSH/VNC/HTTPS/Telnet).
Session Security & Monitoring: Implement RBAC/smart groups, session recording, command/keystroke logging, and vendor/JIT access workflows with time-bound controls.
Platform Integrations: Maintain PRA↔PWS session injection; integrate with ticketing (e.g., ServiceNow/Jira), CMDB, and enterprise authentication (LDAP/RADIUS/SAML/OIDC).
HashiCorp Vault: Administer secrets engines, auth methods, policies/namespaces, dynamic secrets (DB/cloud/SSH/apps), transit encryption, leases, and agent-based injection.
Resilience & Platform Engineering: Deliver HA/clustering, DR/backup, upgrades/patching, performance tuning, certificate (TLS) management, storage/seal/unseal procedures, and technology refresh/migrations.
Automation & Scripting: Build/maintain PowerShell + Python automation using REST APIs/SDKs; implement Git-based version control, documentation, health checks, and automated reporting/metrics.
Security & Compliance: Enforce least privilege/zero trust; support audits (SOX/PCI/ISO/NIST, etc.), access reviews, SIEM/syslog logging, incident response, and continuous control improvement.