Job Description

IMPORTANT NOTES (Read Carefully) NO C2C / NO 1099 W2 ONLY (Direct Hire through Vendor) LOCAL NYC / Tri-State candidates only Candidate must work onsite first month without exception

Role Overview
We are seeking an experienced Privileged Access Management (PAM) Engineer to strengthen enterprise identity security across Active Directory, Entra ID, Linux, and multi-cloud environments (Azure, AWS, Google Cloud Platform) . This role focuses on vaulting, endpoint privilege management, identity hygiene, and zero-trust security architecture . You will design and enforce least-privilege access, eliminate standing admin rights, and integrate PAM controls across hybrid and cloud platforms.

Key Responsibilities

• Privileged Identity Security Administer enterprise PAM vaulting platforms across AD, Entra ID, Linux, Azure, AWS, and Google Cloud Platform
• Implement credential rotation and vaulting for admins, service accounts, and cloud root accounts
• Enforce Just-In-Time (JIT), approval-based privileged access
• Endpoint Privilege Management Implement least-privilege controls for Windows, Linux, and macOS
• Replace standing admin access with controlled privilege elevation
• Apply application control to reduce ransomware and malware risks
• Identity Hygiene & Hardening Clean up unauthorized local admin accounts
• Monitor stale identities, excessive permissions, and privileged roles
• Implement ITDR (Identity Threat Detection & Response) practices
• Security Architecture Support Zero Trust initiatives
• Align PAM controls with NIST and enterprise security standards
• Drive MFA, passwordless authentication, and SSO adoption
• Cloud Identity & IAM Manage Azure AD (Entra ID), AWS IAM, and Google Cloud Platform IAM privileged roles
• Integrate cloud identities with PAM vaulting and session monitoring
• Governance & Documentation Maintain runbooks, diagrams, and operational documentation
• Support audit, compliance, and risk teams with reporting

Required Qualifications
10+ years in IAM / PAM / Security Engineering Hands-on experience with AD, Entra ID, Linux Strong PAM vaulting & endpoint privilege management expertise Experience with MFA, SSO, Kerberos, certificate-based auth Knowledge of Zero Trust, NIST, ITDR, CIS controls Scripting: PowerShell / Python / Bash / Terraform Excellent documentation and communication skills

Preferred Qualifications
Multi-cloud PAM experience (Azure, AWS, Google Cloud Platform) Entra ID PIM & Conditional Access CI/CD or ITSM integration with PAM tools Certifications (CyberArk, CISSP, CISM, CCSP, Azure/AWS Security)

Why This Role?
If you enjoy locking down privileged access , reducing attack surface, and driving enterprise-grade identity security - this is your seat at the table.

For applications and inquiries, contact: hirings@openkyber.com

Job Tags

Similar Jobs