PAM Engineer

A Privileged Access Management (PAM) Engineer is responsible for managing and securing the privileged accounts and credentials within HP. The role is crucial in ensuring that these accounts are protected and that access to sensitive information is tightly controlled. 

Key Responsibilities: 

• PAM Solution Design and Implementation: 

• Design, deploy, and configure PAM solutions that protect privileged accounts and credentials. 

• Integrate PAM tools with existing IT infrastructure and applications. 

• Ensure that the PAM solution meets security and compliance requirements. 

• Access Management: 

• Manage and monitor privileged access to critical systems and applications. 

• Automate the provisioning and de-provisioning of privileged accounts. 

• Security and Compliance: 

• Ensure that all privileged accounts comply with internal policies and external regulations. 

• Conduct regular audits and reviews of privileged accounts and access controls. 

• Monitor for and respond to security incidents involving privileged accounts. 

• Monitoring and Reporting: 

• Implement monitoring and alerting for suspicious or unauthorized access attempts. 

• Generate reports on PAM activities, including access logs and audit trails. 

• Analyze trends and provide insights to improve the security of privileged accounts. 

• Incident Response: 

• Investigate and respond to security incidents involving privileged accounts. 

• Work with the cybersecurity team to mitigate risks and prevent future incidents. 

• Perform forensic analysis when necessary to understand the scope and impact of security breaches. 

• User Training and Support: 

• Provide training to end-users and administrators on the proper use of PAM tools and best practices. 

• Offer technical support for issues related to PAM solutions. 

• Create and maintain documentation related to PAM processes and procedures. 

• Continuous Improvement: 

• Stay up-to-date with the latest trends, technologies, and best practices in PAM and cybersecurity. 

• Continuously assess and improve the organization’s PAM processes and tools. 

• Collaborate with other IT and security teams to enhance overall security posture. 

• Technical Expertise: 

• Strong knowledge of PAM solutions such as CyberArk, BeyondTrust, Thycotic, or equivalent tools. 

• Understanding of identity and access management (IAM) principles and practices. 

• Familiarity with security frameworks and compliance standards (e.g., NIST, ISO 27001, PCI DSS). 

• Security Knowledge: 

• In-depth understanding of cybersecurity threats and how they relate to privileged access. 

• Experience with security monitoring, incident response, and forensic analysis. 

• Analytical Skills: 

• Ability to analyze security data and logs to identify patterns, trends, and anomalies. 

• Strong problem-solving skills and the ability to respond to security incidents effectively. 

• Communication and Collaboration: 

• Excellent communication skills to convey complex security concepts . 

• Ability to work collaboratively with other IT and security teams. 

• Experience: 

• Several years of experience in cybersecurity, with a focus on PAM, IAM, or similar fields. 

• Experience in implementing and managing PAM solutions in an enterprise environment. 

• Certifications: 

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or specific PAM certifications (e.g., CyberArk Certified Trustee). 

Minimum Requirements/Qualifications: 

• Bachelors Degree in Information Technology or related field. 

• 5+ years in Information Technology 

• 2+ years of experience in implementing IAM products  

• Understanding of IAM standards like RBAC, SCIM, SAML, OAuth, OpenID Connect 

• Programming languages: Java or PowerShell & SQL, Computer networking, OS fundamentals (Windows/UNIX/Linux) 

• Strong communication skills to articulate technically complex issues to non-IAM teams 

• Knowledge of agile development methodologies and DevOps tools for continuous deployments