Privileged Access Management (PAM) Engineer (Remote in the US)

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

Position Overview

We are growing! GuidePoint Security is hiring a PAM Engineer to join our implementation team on a full-time basis. This is a fully remote role where we are looking for relevant experience with Delinea/Thycotic, CyberArk or BeyondTrust. CyberArk HIGHLY preferred.

The Privileged Access Management (PAM) Engineer is responsible for designing, deploying, administering, and optimizing enterprise-grade PAM solutions with a primary focus on Delinea Secret Server, CyberArk Privileged Cloud, and modern PAM practices. This role ensures secure management of privileged accounts, service accounts, credentials, secrets, and high-risk access workflows across the organization. The engineer will work closely with security, infrastructure, DevOps, and application teams to implement and maintain advanced PAM controls and best practices.

Key Responsibilities

• Deploy, configure, manage, and support Delinea Secret Server (On-Prem/Cloud) and CyberArk Privileged-Cloud environments.
• Manage vaulting, onboarding, and lifecycle governance for privileged, shared, and service accounts.
• Maintain password rotation policies, session management, access workflows, and security controls.
• Implement and oversee privileged session monitoring, session recording, and behavioral alerts.
• Ensure adherence to least-privilege and Zero-Trust principles for all privileged identities.

Modern PAM & Non-Human Identity Management (NHIM)

• Support modern PAM capabilities such as:
• Just-in-Time (JIT) privilege elevation
• Ephemeral and dynamic credentials
• Secrets management APIs / integrations
• Cloud-native privileged access management
• Credential discovery, scanning, and risk classification
• Hybrid identity governance for machine accounts
• Assist in building automated credential workflows for CI/CD pipelines and DevOps systems.

Technical Implementation & Engineering

• Integrate PAM platforms with AD/LDAP, Azure AD, SSO/IDP, SIEM, MFA, ticketing systems, and cloud services (AWS/Azure/GCP).
• Onboard new systems, servers, applications, databases, and network devices to Delinea and CyberArk.
• Configure connectors, distributed engines, secrets management API endpoints, and credential plugins.
• Develop automation for onboarding, rotation, and monitoring using PowerShell, Python, or REST APIs.

Minimum Qualifications

• Bachelor’s degree in Computer Science, Information Security, or related field — or equivalent work experience.
• 3-5+ years of experience in Privileged Access Management engineering or Consulting
• Hands-on experience with Delinea Secret Server (on-prem or cloud) including password rotation, connectors, RBAC, and auditing.
• Experience in implementing CyberArk Privileged Cloud (or CyberArk CorePAS)
• Strong understanding of privileged account governance, password rotation, service account automation, and session management.
• Experience with Windows/Linux server administration and Active Directory.
• Familiarity with scripting (PowerShell, Python) and REST APIs.
• Knowledge of common security frameworks and access control principles.

Preferred Qualifications

• 3-5 years of IT Professional services and consulting experience
• Professional certifications such as:
• Delinea Certified Engineer
• CyberArk Defender / CyberArk Sentry / Guardian
• CISSP, CISM, Security+, CCSP, or similar
• Exposure to modern PAM capabilities:
• Ephemeral access
• Credential-less access
• Cloud secrets management
• Certificate lifecycle management
• Experience integrating PAM with DevOps pipelines (Jenkins, GitHub, Azure DevOps, GitLab).
• Background in cloud security for AWS, Azure, and/or GCP.
• Experience in NHIM/Machine Identity Governance tools.
• Ability to design PAM architectures and drive enterprise-wide PAM programs.

The Team

Coming to the PAM team means working on the leading edge in the PAM space. As a PAM Engineer, you will be partnering with other engineers and architects to help some of the largest companies in the US implement their own PAM programs. From participating in assessments to full delivery of a PAM platform, you can expect to be involved at all levels of interaction with our customers. Your leadership and expertise are critical to providing our customers with the guidance they need, and the excellence they expect from GuidePoint Security.

We partner with the largest vendors in the space to ensure that the latest training is always available to our team. High level communication and collaboration are the standard. Mentorship at all levels, from Senior Architects to Junior Engineers, is foundational to our culture. We don’t just talk about work life balance; we facilitate it with an unlimited PTO benefit.

We understand that in order to retain our talented team, leadership must provide regular feedback and coaching. We recruit new members to the team with the understanding that opportunities for growth are important. Whether your goals include future leadership opportunities, becoming an Architect or even moving to another discipline within security in time, the leadership team is focused on partnering with you to help achieve them.