Job Specifications
SC Cleared PAM Engineer Contract - 6 Months Rolling - Hybrid Wokingham/Reading - Inside IR35
We're seeking a skilled Privileged Access Management Engineer for a 6 month rolling contract starting ASAP. The role is hybrid (roughly 50/50 split) at a client site in the Reading area.
Key details:
Duration: 6 months initially, with rolling extensions
Start: ASAP
Inside IR35
Clearance: Active SC clearance is mandatory
This is a confidential, high impact security project in a secure environment. We can't share full client/project details upfront, but selected candidates will receive comprehensive information during the interview process.
The role involves designing, deploying, and managing Privileged Access Management (PAM) solutions to enforce least privilege, secure credential handling, and robust access controls across hybrid and cloud infrastructures.
What you'll do:
Design, deploy, and manage Privileged Access Management platforms (primarily CyberArk, with exposure to BeyondTrust, Delinea, or equivalents)
Implement and enforce least privilege models, credential rotation, vaulting, and just in time access
Monitor, audit, and review privileged sessions and activities for compliance and threat detection
Integrate PAM tools with SIEM, IAM systems, Active Directory/LDAP, and other security ecosystems
Develop automation scripts (PowerShell, Python) for onboarding, reporting, and operational efficiency
Conduct privilege audits, risk assessments, access reviews, and remediation planning
Collaborate closely with IT, DevOps, and security teams on integration and policy enforcement
Provide troubleshooting, technical support, and contribute to PAM related documentation/procedures
Keep abreast of evolving threats, industry standards, and best practices in privileged access security
Essential requirements:
Active SC clearance
Hands on experience in PAM engineering or related Cyber Security roles
Proficiency with leading PAM tools such as CyberArk, BeyondTrust, or Delinea (implementation, configuration, administration)
Strong knowledge of Active Directory, LDAP, authentication protocols, and credential management
Scripting/automation experience (PowerShell, Python, or similar)
Familiarity with cloud environments (AWS, Azure, GCP) and hybrid infrastructures
Understanding of compliance frameworks (e.g. ISO 27001, NIST, GDPR)
Relevant certifications advantageous (e.g. CyberArk Defender/Sentry, CISSP, CISM)
This is an excellent opportunity to apply your PAM expertise on meaningful, secure projects in a collaborative setting.
If this matches your profile and you're available (or know someone suitable), please send an updated CV along with your current availability ASAP and I'll call straight away.
Looking forward to hearing from you!
About the Company
CBSbutler is a multi-award winning recruitment firm specialising in technical appointments across global industries.
The company has won no less than 20 major business awards over the last decade and notably, ‘Best Engineering’ category in the ‘Recruiter Awards for Excellence’ on 6 separate occasions. The company has been consistently listed in the Recruiter Hot 100, together with Best Companies 3* rating for employee engagement. Moreover, the company ranked #24 in the 2016 Sunday Times ‘Best Small Companies to work for’...
Know more