Systems Engineer II - PAM

About The Position

Requirements

• Bachelor’s degree or equivalent experience.
• 3–5 years of experience in IAM, Security Engineering, or Infrastructure Security.
• Hands-on experience with one or more: PAM platforms (Delinea, CyberArk, etc.) Secrets management tools (Vault, Secret Server) AWS IAM Enterprise PKI / certificate management
• Experience administering Active Directory service accounts.
• Working knowledge of: RBAC and least privilege principles JIT access concepts Service/workload identity security
• Scripting experience (PowerShell, Python, or Bash).
• Familiarity with REST APIs and automation tooling.
• Network troubleshooting knowledge (TCP/IP, DNS, firewall rules).
• Experience in regulated environments (PCI preferred).
• Strong troubleshooting and documentation skills.
• Ability to deliver in a fast-paced environment.
• Excellent interpersonal skills and highly customer oriented.
• Excellent written and verbal communication skills.
• Background and drug screen.

Nice To Haves

• Hands-on experience with best-in-class platforms used in managing privileged session management and credential rotation.
• Experience implementing or supporting enterprise security vaults (dynamic secrets, workload identity, policy configuration).
• Experience engineering AWS IAM environments, including role-based access, cross-account trust, and least-privilege policy design.
• Experience eliminating long-lived access keys and transitioning workloads to role-based or federated authentication.
• Experience with Certificate Management platforms, enterprise PKI, or automated certificate lifecycle management platforms.
• Familiarity with service account governance and non-human identity lifecycle controls within an IGA platform.
• Exposure to DevSecOps practices, including embedding secrets management and certificate automation into CI/CD pipelines.
• Experience working in regulated environments (PCI, SOX, NIST, ISO) with audit evidence support responsibilities.
• Relevant technical certifications (e.g., AWS Security Specialty, HashiCorp Vault Associate, Delinea Engineer, or similar).

Responsibilities

• Engineer, implement, and support Privileged Access Management (PAM) solutions including vaulting, session control, and Just-In-Time (JIT) privileged access.
• Administer and maintain secrets management platforms including credential onboarding, vault configuration, and automated password/secret rotation.
• Support lifecycle management of non-human identities (service and workload accounts) including provisioning, governance, ownership validation, and deprovisioning.
• Support enterprise certificate lifecycle management including issuance, renewal, revocation, and automation via approved platforms.
• Participate in the design, testing, and implementation of automation workflows related to privileged identity and certificate management.
• Provide operational support including system configuration, troubleshooting, incident response, and participation in 24x7 on-call rotation.
• Produce reporting and analytics related to privileged access, secrets rotation posture, certificate health, and non-human identity governance.
• Maintain technical documentation, policies, configuration standards, and operational runbooks to ensure secure and consistent platform management.
• Collaborate with Security, Infrastructure, Cloud, DevOps, Audit, and external partners to resolve issues, support compliance requirements (e.g., PCI), and protect the integrity and confidentiality of systems and data.

Benefits

• Competitive medical (PPO/HDHP), dental, and vision plans
• Company contributions to your Health Savings Account (HSA)
• Pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
• 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility for 401(k) Retirement Plan
• Flexible Time Off for Exempt (salaried) employees
• Generous PTO for Non-Exempt (hourly) employees
• 11 paid company holidays
• Paid volunteer day
• 12 weeks of Paid Parental Leave
• Maven Family Planning support (egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work)