PAM Engineer

Job Description Description:RedMatter Solutions is seeking a PAM Engineer to lead the implementation and administration of enterprise Privileged Access Management (PAM) solutions supporting federal cybersecurity and Zero Trust initiatives. This role is responsible for securing privileged identities, enforcing least-privilege access, and integrating PAM capabilities across hybrid enterprise environments.Please note: This position is hybrid, with onsite support required for 3-days per week.Key Responsibilities:Lead the design, implementation, and ongoing administration of PAM solutions across cloud and on-premises environmentsDeploy and support enterprise PAM platforms such as CyberArk, BeyondTrust, or DelineaSecure privileged accounts including administrative, service, and shared accounts through credential vaulting, password rotation, and session monitoringImplement least-privilege and Just-In-Time (JIT) access workflows across enterprise systemsIntegrate PAM solutions with Entra ID, Active Directory, and other enterprise identity providersDesign and support privileged session management (PSM) and privileged threat analytics capabilitiesDevelop automation scripts and workflows using PowerShell or Python to streamline PAM administration and account lifecycle managementPerform access certifications, entitlement reviews, and audit reporting activities to support compliance requirementsCollaborate with Security Operations and Incident Response teams to monitor privileged activity and investigate anomalous behaviorTranslate stakeholder and operational requirements into scalable PAM configurations and processesSupport implementation of phishing-resistant authentication methods including certificate-based authentication and FIDO2Contribute to documentation efforts including System Security Plans (SSPs), control narratives, and ATO artifactsRequirements:Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field5+ years of experience in Identity and Access Management with at least 3 years focused on Privileged Access ManagementHands-on experience administering enterprise PAM platforms such as CyberArk, BeyondTrust, Delinea, or equivalent technologiesStrong understanding of least-privilege principles, Zero Trust architecture, and privileged access security best practicesExperience integrating PAM solutions with Entra ID, Active Directory, and SIEM platforms such as Microsoft Sentinel or SplunkProficiency in PowerShell or Python scripting for automation and administrationFamiliarity with NIST SP 800-53, FISMA, and federal identity security standardsKnowledge of federal compliance frameworks including FedRAMP and applicable CISA guidanceExperience supporting ATO activities and documenting PAM controls within SSPsRelevant certifications preferred (e.g., CyberArk Defender/Sentry, SC-300, CISSP, Security+, AZ-500)Ability to obtain a Public Trust clearanceU.S. citizenship required