Job Title: Lead PAM (Privileged Access Management) Engineer
Location: Bury
Job Type: Full-Time
Job Description:
We are seeking a skilled and experienced Privileged Access Management (PAM) Engineer to deliver best-in-class design, implementation and management of our PAM solutions in a large-scale, fast-paced retail environment.
You will be joining the Identity & Access Management (IAM) team reporting to the Head of IAM, all of which is part of our growing Information Security function.
This role requires deep CyberArk expertise (both on-prem and cloud), strong operational knowledge and the ability to work effectively across security, infrastructure and DevOps teams.
Key Responsibilities:
Design, deploy and manage CyberArk Privilege Cloud, including secure onboarding of privileged accounts, credential rotation policies and session monitoring.
Support hybrid environments by integrating Privilege Cloud with on-prem infrastructure and identity sources ( Active Directory)
Collaborate with internal colleagues and teams to maintain optimal configuration, availability and performance.
Engineering, support and maintenance of other CyberArk components such as PSM, CPMs, HTML5 gateways and PTA in hybrid and legacy environments.
Implement PAM controls in alignment with internal security standards, and data protection policies relevant to the retail sector
Participate in security reviews and support audit-related activities related to privileged account governance
Leverage CyberArk REST APIs and other automation frameworks to enable automated onboarding, reporting and policy enforcement
Provide integration support across ITSM ticket systems, SIEMs and CI/CD pipelines to ensure secure DevOps practices.
Perform regular health checks, maintenance and upgrades, and incident resolution for CyberArk platforms
Provide level 2/3 support for CyberArk-related issues and respond to alerts generated by Privilege Cloud, or threat analytics tools.
Document architecture, procedures and incident response playbooks.
Work with Technology, Security and Application teams to understand privileged access needs across the organisation’s systems and cloud environments
Educate internal teams on best practices for using CyberArk Privilege Cloud securely and efficiently.
Skills & Experience:
Proven hands-on experience with CyberArk in hybrid environments
Demonstrable experience of having performed the role of PAM Engineer
Solid understanding of Active Directory, Windows/Linux systems, and cloud platforms (AWS, Azure, GCP)
Experience with automation/scripting (Powershell, Ansible, Python) and CyberArk’s REST APIs
Excellent problem-solving skills and attention to detail
Strong written and verbal communication and collaboration skills
Detail-oriented with a strong security mindset and ability to think proactively.
Nice to have:
Hands-on experience with CyberArk Conjur or CyberArk Secrets Manager (or similar Secrets Management solutions, Hashicorp Vault)
Preferred Qualifications :
CyberArk Certified Defender (or better)
Security certifications such as CISSP, CISM or CCSP are a plus.
Knowledge of security frameworks, regulatory requirements and compliance standards ( NIST, PCI DSS, GDPR).
Read Less
