Job Description
Role Overview:
The PAM Optimization Engineer will be responsible for enhancing and maintaining Privileged Access Management (PAM) capabilities across cloud landing zones, ensuring secure access, compliance, and operational efficiency. This role focuses on optimizing PAM processes for local account management, enabling IDP-based authentication for virtual workloads, managing machine identities, and integrating with identity governance platforms.
Key Responsibilities:
• Local Account Management & Optimization:
o Discover and report existing local accounts on Windows and Linux VMs.
o Implement controls to track and manage local accounts effectively.
o Enable IDP-based authentication for Windows and Linux systems via Entra ID integration.
o Implement interactive session recording through bastion hosts.
• PAM Image Management:
o Work with PAM platform-specific images to ensure compliance and security standards.
• Machine Identity Management:
o Discover and manage machine identities (robot accounts).
o Implement conditional access policies for machine identities.
o Establish lifecycle management processes and report identity data back to SailPoint.
• Integration & Reporting:
o Ensure PAM processes integrate seamlessly with identity governance and compliance tools.
o Provide regular reporting on local accounts, machine identities, and PAM optimization metrics.
Required Skills & Qualifications:
• Strong experience with PAM solutions and optimization.
• A track record of working with Entra ID Governance, PIM and Access Packages.
• Expertise in Windows/Linux administration and IDP configuration (Entra ID).
• Knowledge of identity governance platforms (e.g., SailPoint).
• Familiarity with bastion host configurations for session recording.
• Scripting skills (PowerShell, Python, Bash) for automation and reporting.
• Understanding of conditional access and lifecycle management for machine identities.
Preferred Certifications:
• Microsoft Entra ID or Azure AD certifications.
• Identity governance certifications (SailPoint).