Job Specifications
"All candidates must be directly contracted by ASK Consulting on their payroll and cannot be subcontracted. We are unable to provide sponsorship at this moment".
Job Title: Privileged Access Management (PAM) Platform Sr Engineer
Location: Seattle, WA 98101 (HYBRID)
Duration: 6 months
Pay rate: $83.80/hr. - $97.30/hr. on W2
Job Description:
As a PAM Platform Engineer on Identity & Access Management team, you'll be a key technical specialist responsible for designing, implementing, and maintaining our enterprise-wide Privileged Access Management infrastructure. You'll lead the rollout and ongoing management of our privileged access solutions, including password management, endpoint privilege management, and session management capabilities across our retail technology ecosystem.
Join our cybersecurity team to drive enterprise-level PAM adoption while maintaining commitment to innovation, security excellence, and work-life balance.
A day in the life...
PAM Platform Leadership: Serve as the primary technical expert for privileged access management solutions, including architecture, deployment, configuration, and optimization of password vaults and endpoint privilege management systems
Enterprise PAM Implementation: Design and execute large-scale PAM deployments across Windows, macOS, and Linux environments, ensuring seamless integration with existing infrastructure
Policy Development & Management: Create and maintain privilege elevation policies, credential rotation schedules, access request workflows, and governance rules aligned with security and compliance requirements
Integration & Automation: Integrate PAM solutions with ITSM platforms, SIEM tools, vulnerability scanners, directory services, and other security infrastructure to create comprehensive privileged access workflows
Troubleshooting & Support: Provide expert-level technical support for PAM platform issues, performance optimization, privileged account onboarding, and user access requests
Security & Compliance: Ensure PAM implementations meet PCI DSS, and other requirements through proper audit trails, session recording and monitoring, and privileged account governance
Documentation & Training: Develop technical documentation, procedures, and training materials for internal teams and end users
Continuous Improvement: Monitor platform performance, evaluate new features, and implement best practices to enhance security posture and operational efficiency
You own this if you have...
Required Qualifications:
4-6+ years of hands-on experience implementing and managing enterprise PAM platforms such as CyberArk, BeyondTrust, Delinea (Thycotic) in large-scale environments
Vendor certifications in one or more major PAM platforms (CyberArk Certified Delivery Engineer, BeyondTrust Certified Implementation Engineer, Delinea certified professional, etc.) preferred
Deep expertise in privileged account discovery, credential management, password rotation, session management, and access request workflows using enterprise PAM solutions
Strong understanding of Windows Server administration, Active Directory, Group Policy, and PowerShell scripting
Experience with Linux/Unix system administration and shell scripting for cross-platform PAM deployments
Knowledge of networking fundamentals including protocols, ports, certificates, load balancing, and security hardening
Experience with cloud platforms (AWS, Azure) and containerization technologies (Docker, Kubernetes)
Understanding of identity and access protocols (SAML, OIDC, OAuth, SCIM, LDAP) and their integration with PAM solutions
Preferred Qualifications:
Experience with multiple PAM vendors and platform migration/integration projects
Knowledge of DevOps practices, CI/CD pipelines, and Infrastructure as Code (Terraform, Ansible)
Familiarity with ITSM integration (ServiceNow, Jira) for ticket-driven privileged access workflows
Experience with SIEM integration and security monitoring platforms (Splunk, QRadar, etc.)
Understanding of zero trust architecture and least privilege access principles
Experience with secrets management platforms (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault)
Previous experience in retail technology environments or large-scale enterprise deployments
Industry certifications such as CISSP, CISM, or relevant cloud security certifications
Technical Skills:
PAM Platforms: Experience with major vendors (CyberArk Privileged Access Security, BeyondTrust Password Safe/EPM, Delinea Secret Server/Privilege Manager, Ping Identity PingOne Protect)
Operating Systems: Windows Server (2016/2019/2022), Windows 10/11, macOS, RHEL, Ubuntu, SUSE
Databases: SQL Server, MySQL, PostgreSQL, Oracle for PAM backend configuration
Virtualization: VMware vSphere, Hyper-V, cloud-based virtual machines
Scripting: PowerShell, Bash, Python for automation and integration tasks
Security Tools: Integration experience with vulnerability scanners, endpoint detection tools, and identity governance platforms
Ab