Privileged Access Management (PAM) Engineer
Position Overview
We are growing! GuidePoint Security is hiring a PAM Engineer to join our implementation team on a full-time basis. This is a fully remote role where we are looking for relevant experience with Delinea/Thycotic, CyberArk or BeyondTrust.
The Privileged Access Management (PAM) Engineer is responsible for designing, deploying, administering, and optimizing enterprise-grade PAM solutions with a primary focus on Delinea Secret Server, CyberArk Privileged Cloud, and modern PAM practices. This role ensures secure management of privileged accounts, service accounts, credentials, secrets, and high-risk access workflows across the organization. The engineer will work closely with security, infrastructure, DevOps, and application teams to implement and maintain advanced PAM controls and best practices.
Key Responsibilities
Deploy, configure, manage, and support Delinea Secret Server (On-Prem/Cloud) and CyberArk Privileged-Cloud environments.
Manage vaulting, onboarding, and lifecycle governance for privileged, shared, and service accounts.
Maintain password rotation policies, session management, access workflows, and security controls.
Implement and oversee privileged session monitoring, session recording, and behavioral alerts.
Ensure adherence to least-privilege and Zero-Trust principles for all privileged identities.
Modern PAM & Non-Human Identity Management (NHIM)
Support modern PAM capabilities such as:
Just-in-Time (JIT) privilege elevation
Ephemeral and dynamic credentials
Secrets management APIs / integrations
Cloud-native privileged access management
Credential discovery, scanning, and risk classification
Hybrid identity governance for machine accounts
Assist in building automated credential workflows for CI/CD pipelines and DevOps systems.
Technical Implementation & Engineering
Integrate PAM platforms with AD/LDAP, Azure AD, SSO/IDP, SIEM, MFA, ticketing systems, and cloud services (AWS/Azure/GCP).
Onboard new systems, servers, applications, databases, and network devices to Delinea and CyberArk.
Configure connectors, distributed engines, secrets management API endpoints, and credential plugins.
Develop automation for onboarding, rotation, and monitoring using PowerShell, Python, or REST APIs.
Minimum Qualifications
Bachelor’s degree in Computer Science, Information Security, or related field — or equivalent work experience.
3-5+ years of experience in Privileged Access Management engineering or Consulting
Hands-on experience with Delinea Secret Server (on-prem or cloud) including password rotation, connectors, RBAC, and auditing.
Experience in implementing CyberArk Privileged Cloud (or CyberArk CorePAS)
Strong understanding of privileged account governance, password rotation, service account automation, and session management.
Experience with Windows/Linux server administration and Active Directory.
Familiarity with scripting (PowerShell, Python) and REST APIs.
Knowledge of common security frameworks and access control principles.
Preferred Qualifications
3-5 years of IT Professional services and consulting experience
Professional certifications such as:
Delinea Certified Engineer
CyberArk Defender / CyberArk Sentry / Guardian
CISSP, CISM, Security+, CCSP, or similar
Exposure to modern PAM capabilities:
Ephemeral access
Credential-less access
Cloud secrets management
Certificate lifecycle management
Experience integrating PAM with DevOps pipelines (Jenkins, GitHub, Azure DevOps, GitLab).
Background in cloud security for AWS, Azure, and/or GCP.
Experience in NHIM/Machine Identity Governance tools.
Ability to design PAM architectures and drive enterprise-wide PAM programs.
The Team
Coming to the PAM team means working on the leading edge in the PAM space. As a PAM Engineer, you will be partnering with other engineers and architects to help some of the largest companies in the US implement their own PAM programs. From participating in assessments to full delivery of a PAM platform, you can expect to be involved at all levels of interaction with our customers. Your leadership and expertise are critical to providing our customers with the guidance they need, and the excellence they expect from GuidePoint Security.
We partner with the largest vendors in the space to ensure that the latest training is always available to our team. High level communication and collaboration are the standard. Mentorship at all levels, from Senior Architects to Junior Engineers, is foundational to our culture. We don’t just talk about work life balance; we facilitate it with a flexible time off (FTO) benefit.
We understand that in order to retain our talented team, leadership must provide regular feedback and coaching. We recruit new members to the team with the understanding that opportunities for growth are important. Whether your goals include future leadership opportunities, becoming an Architect or even moving to another discipline within security in time, the leadership team is focused on partnering with you to help achieve them.
Privileged Access Management (PAM) Engineer
Position Overview
We are growing! GuidePoint Security is hiring a PAM Engineer to join our implementation team on a full-time basis. This is a fully remote role where we are looking for relevant experience with Delinea/Thycotic, CyberArk or BeyondTrust.
The Privileged Access Management (PAM) Engineer is responsible for designing, deploying, administering, and optimizing enterprise-grade PAM solutions with a primary focus on Delinea Secret Server, CyberArk Privileged Cloud, and modern PAM practices. This role ensures secure management of privileged accounts, service accounts, credentials, secrets, and high-risk access workflows across the organization. The engineer will work closely with security, infrastructure, DevOps, and application teams to implement and maintain advanced PAM controls and best practices.
Key Responsibilities
Deploy, configure, manage, and support Delinea Secret Server (On-Prem/Cloud) and CyberArk Privileged-Cloud environments.
Manage vaulting, onboarding, and lifecycle governance for privileged, shared, and service accounts.
Maintain password rotation policies, session management, access workflows, and security controls.
Implement and oversee privileged session monitoring, session recording, and behavioral alerts.
Ensure adherence to least-privilege and Zero-Trust principles for all privileged identities.
Modern PAM & Non-Human Identity Management (NHIM)
Support modern PAM capabilities such as:
Just-in-Time (JIT) privilege elevation
Ephemeral and dynamic credentials
Secrets management APIs / integrations
Cloud-native privileged access management
Credential discovery, scanning, and risk classification
Hybrid identity governance for machine accounts
Assist in building automated credential workflows for CI/CD pipelines and DevOps systems.
Technical Implementation & Engineering
Integrate PAM platforms with AD/LDAP, Azure AD, SSO/IDP, SIEM, MFA, ticketing systems, and cloud services (AWS/Azure/GCP).
Onboard new systems, servers, applications, databases, and network devices to Delinea and CyberArk.
Configure connectors, distributed engines, secrets management API endpoints, and credential plugins.
Develop automation for onboarding, rotation, and monitoring using PowerShell, Python, or REST APIs.
Minimum Qualifications
Bachelor’s degree in Computer Science, Information Security, or related field — or equivalent work experience.
3-5+ years of experience in Privileged Access Management engineering or Consulting
Hands-on experience with Delinea Secret Server (on-prem or cloud) including password rotation, connectors, RBAC, and auditing.
Experience in implementing CyberArk Privileged Cloud (or CyberArk CorePAS)
Strong understanding of privileged account governance, password rotation, service account automation, and session management.
Experience with Windows/Linux server administration and Active Directory.
Familiarity with scripting (PowerShell, Python) and REST APIs.
Knowledge of common security frameworks and access control principles.
Preferred Qualifications
3-5 years of IT Professional services and consulting experience
Professional certifications such as:
Delinea Certified Engineer
CyberArk Defender / CyberArk Sentry / Guardian
CISSP, CISM, Security+, CCSP, or similar
Exposure to modern PAM capabilities:
Ephemeral access
Credential-less access
Cloud secrets management
Certificate lifecycle management
Experience integrating PAM with DevOps pipelines (Jenkins, GitHub, Azure DevOps, GitLab).
Background in cloud security for AWS, Azure, and/or GCP.
Experience in NHIM/Machine Identity Governance tools.
Ability to design PAM architectures and drive enterprise-wide PAM programs.
The Team
Coming to the PAM team means working on the leading edge in the PAM space. As a PAM Engineer, you will be partnering with other engineers and architects to help some of the largest companies in the US implement their own PAM programs. From participating in assessments to full delivery of a PAM platform, you can expect to be involved at all levels of interaction with our customers. Your leadership and expertise are critical to providing our customers with the guidance they need, and the excellence they expect from GuidePoint Security.
We partner with the largest vendors in the space to ensure that the latest training is always available to our team. High level communication and collaboration are the standard. Mentorship at all levels, from Senior Architects to Junior Engineers, is foundational to our culture. We don’t just talk about work life balance; we facilitate it with a flexible time off (FTO) benefit.
We understand that in order to retain our talented team, leadership must provide regular feedback and coaching. We recruit new members to the team with the understanding that opportunities for growth are important. Whether your goals include future leadership opportunities, becoming an Architect or even moving to another discipline within security in time, the leadership team is focused on partnering with you to help achieve them.