Senior PAM Engineer: Secure Privileged Access (BeyondTrust)

We're building a world of health around every individual - shaping a more connected, convenient and compassionate health experience. At CVS Health, you'll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger - helping to simplify health care one person, one family and one community at a time.Position SummaryThe Privileged Access Management (PAM) Security Engineer will play a critical role in safeguarding enterprise systems by designing, implementing, and maintaining secure access controls for privileged accounts. This role will focus on the deployment and operational support of PAM solutions-primarily BeyondTrust-across a diverse technology landscape including Active Directory, Windows, UNIX, MSSQL, Oracle, and cloud platforms (Azure, GCP, AWS). The engineer will collaborate with cross-functional teams to ensure compliance with enterprise security standards (e.g., ISTS, GRC), streamline credential management, and support automation of access provisioning and deprovisioning processes.Required Qualifications5+ years of experience in Identity and Access Management (IAM) with a focus on Privileged Access Management.3+ years of hands-on experience with BeyondTrust or similar PAM platforms (e.g., CyberArk, Thycotic).3+ years of experience with Active Directory, LDAP, and enterprise authentication protocols.3+ years of experience onboarding privileged accounts for infrastructure and applications (e.g., Oracle, Linux/Unix, MSSQL).Preferred QualificationsProven ability to troubleshoot access issues and manage policy updates in a complex environment.Familiarity with password rotation, vaulting, and service account onboarding processes.Excellent communication and documentation skills.Experience with API integrations for PAM automation and service account onboarding.Familiarity with IAM modernization tools such as SailPoint, Ping, or Neo4j.Prior involvement in enterprise-wide remediation or migration projects (BeyondTrust).CISSP, CISM, or other relevant security certifications.EducationBachelor's degree or equivalent experience (High School Diploma and 4 years relevant experience)Anticipated Weekly Hours40Time TypeFull timePay RangeThe typical pay range for this role is:$92,700.00 - $185,400.00This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.Great benefits for great peopleWe take pride in our comprehensive and competitive mix of pay and benefits - investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase planNo-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.For more information, visit https://jobs.cvshealth.com/us/en/benefitsWe anticipate the application window for this opening will close on: 03/25/2026Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.J-18808-Ljbffr