PAM Engineer

About

RedMatter Solutions is seeking a PAM Engineer to lead the implementation and administration of enterprise Privileged Access Management (PAM) solutions supporting federal cybersecurity and Zero Trust initiatives. This role is responsible for securing privileged identities, enforcing least-privilege access, and integrating PAM capabilities across hybrid enterprise environments.

Please note: This position is hybrid, with onsite support required for 3-days per week.

Key Responsibilities

• Lead the design, implementation, and ongoing administration of PAM solutions across cloud and on-premises environments
• Deploy and support enterprise PAM platforms such as CyberArk, BeyondTrust, or Delinea
• Secure privileged accounts including administrative, service, and shared accounts through credential vaulting, password rotation, and session monitoring
• Implement least-privilege and Just-In-Time (JIT) access workflows across enterprise systems
• Integrate PAM solutions with Entra ID, Active Directory, and other enterprise identity providers
• Design and support privileged session management (PSM) and privileged threat analytics capabilities
• Develop automation scripts and workflows using PowerShell or Python to streamline PAM administration and account lifecycle management
• Perform access certifications, entitlement reviews, and audit reporting activities to support compliance requirements
• Collaborate with Security Operations and Incident Response teams to monitor privileged activity and investigate anomalous behavior
• Translate stakeholder and operational requirements into scalable PAM configurations and processes
• Support implementation of phishing-resistant authentication methods including certificate-based authentication and FIDO2
• Contribute to documentation efforts including System Security Plans (SSPs), control narratives, and ATO artifacts

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
• 5+ years of experience in Identity and Access Management with at least 3 years focused on Privileged Access Management
• Hands-on experience administering enterprise PAM platforms such as CyberArk, BeyondTrust, Delinea, or equivalent technologies
• Strong understanding of least-privilege principles, Zero Trust architecture, and privileged access security best practices
• Experience integrating PAM solutions with Entra ID, Active Directory, and SIEM platforms such as Microsoft Sentinel or Splunk
• Proficiency in PowerShell or Python scripting for automation and administration
• Familiarity with NIST SP 800-53, FISMA, and federal identity security standards
• Knowledge of federal compliance frameworks including FedRAMP and applicable CISA guidance
• Experience supporting ATO activities and documenting PAM controls within SSPs
• Relevant certifications preferred (e.g., CyberArk Defender/Sentry, SC-300, CISSP, Security+, AZ-500)
• Ability to obtain a Public Trust clearance
• U.S. citizenship required