Privileged Access Management (PAM) Engineer
InterSources
Title: Privileged Access Management (PAM) Engineer
Location: NYC NY
On-site/Remote/Hybrid: Hybrid 3 days onsite/2 days remote.
Duration: 12 Months
Total Work Hours: 37.5 Hours
Interview Process: 1-2 Rounds
NOTE: **PLEASE NOTE THIS POSITION WILL ALLOW CONSULTANT TO WORK A HYBRID REMOTE SCHEDULE.
UPON START DATE CONSULTANT WILL BE REQUIRED TO WORK FIRST MONTH FULLY ONSITE. ONCE WORK CAPABILITY IS ESTABLISHED, CONSULTANT WILL BE ALLOWED TO WORK A HYBRID REMOTE SCHEDULE CONSISTING OF 3 DAYS ONSITE/ 2 DAYS REMOTE. ASLO HOURS PER WEEK IS 37.5 NO OVERTIME**
Position Summary:
Role Overview
We are seeking a skilled Privileged Access Management (PAM) Engineer to join our cybersecurity team. This role will focus on securing privileged identities across Active Directory (AD), Entra ID, Linux, and major cloud platforms (Azure, AWS, and GCP). The PAM Engineer will design, implement, and maintain controls that ensure administrators and endpoints only have the access they need-at the right time and with the least privilege possible.
The ideal candidate will have strong expertise in vaulting platforms, endpoint privilege management, and zero-trust principles, with a proven track record of reducing attack surfaces and improving identity hygiene.
KEY RESPONSIBILITIES Privileged Identity Security
- Administer and enhance the corporate vaulting platform to manage privileged credentials across AD, Entra, Linux, and cloud platforms (Azure, AWS, GCP).
- Implement credential randomization for local/built-in administrator accounts, service accounts, and cloud root/admin accounts.
- Ensure time-bound, approval-based access for administrators following least privilege and just-in-time (JIT) principles.
Endpoint Privilege Management
- Implement and maintain endpoint least-privilege policies across Windows, Linux, and macOS environments.
- Replace standing local admin rights with controlled privilege elevation workflows.
- Apply application control and privilege granularity to reduce risks from malware, ransomware, and insider threats.
- Partner with desktop engineering teams to improve usability while enforcing strong endpoint controls.
Identity Hardening & Hygiene
- Lead local administrator cleanup projects and enforce removal of unauthorized admin rights.
- Harden Entra ID and cloud tenant hygiene by monitoring stale accounts, privileged roles, and excessive permissions.
- Apply ITDR (Identity Threat Detection & Response) practices to detect and mitigate suspicious privileged activity across on-prem and cloud platforms.
Security Architecture & Standards
- Contribute to enterprise Zero Trust architecture initiatives for hybrid and multi-cloud environments.
- Align privileged access controls with NIST standards and organizational policies.
- Drive adoption of passwordless authentication, MFA, and SSO for both on-prem and cloud privileged identities.
Cloud Identity & Access
- Manage and monitor privileged roles and accounts in Azure AD (Entra ID), AWS IAM, and GCP IAM.
- Implement least-privilege design for cloud workloads, service principals, keys, and secrets.
- Integrate cloud platform identities with PAM vaulting, session recording, and access approval workflows.
Identity Lifecycle Management
- Collaborate with IGA teams to automate provisioning, deprovisioning, and recertification of privileged accounts across on-prem and cloud.
- Ensure privileged entitlements are tied to clear business justification and ownership.
Documentation & Governance
- Create and maintain technical runbooks, architecture diagrams, and operational procedures.
- Provide reporting on privileged access usage, endpoint privilege management, hygiene metrics, and compliance results.
- Partner with audit, compliance, and risk teams to demonstrate control effectiveness.
Required Qualifications
- 3-5+ years of experience in PAM, IAM, or related security engineering roles.
- Hands-on experience with AD, Entra ID, Linux, and at least one major cloud platform (Azure, AWS, or GCP).
- Strong knowledge of vaulting technologies and endpoint privilege management practices (least privilege, privilege elevation, application control).
- Proficiency with authentication methods: MFA, SSO, passwordless, Kerberos, and certificate-based access.
- Familiarity with NIST 800-63B, Zero Trust frameworks, ITDR, and cloud security standards (CIS, CSA, etc.).
- Strong scripting/automation skills (PowerShell, Python, Bash, Terraform, etc.).
- Excellent documentation and communication abilities.
Preferred Qualifications
- Experience securing privileged access in multi-cloud environments (Azure, AWS, GCP).
- Knowledge of Entra ID Conditional Access, PIM, AWS IAM policies, and GCP IAM roles.
- Experience integrating PAM solutions with CI/CD pipelines, DevOps tools, or ITSM workflows.
Success in This Role Looks Like
- Reduction of standing local administrator rights and adoption of endpoint least-privilege controls.
- Demonstrated adoption of MFA, passwordless, vault-based workflows, and privilege elevation.
- Improved audit and compliance posture with clear reporting of privileged activity and endpoint control enforcement.
- Measurable reduction in attack surface through consistent identity hygiene and lifecycle management.
bout Us:
InterSources Inc , is a Small, Woman, and Minority-Owned Business Enterprise, ISO/IEC 27001, SOC 2 Type 2 certified company with massive 18+ years of diversified experience in providing IT Consulting Services, Artificial Intelligence, Data Analysis, Application Development, Cloud Services, Cybersecurity, Digital Marketing, ERP Management, Custom Software Development, Web Development, UI/ UX Design, System Integration, QA Support etc. We make reasonable accommodations for clients and employees, and we do not discriminate based on any protected attribute including race, religion, color, national origin, gender sexual orientation, gender identity, age, or marital status. We also are a Google Cloud and Oracle partner company.
Location: NYC NY
On-site/Remote/Hybrid: Hybrid 3 days onsite/2 days remote.
Duration: 12 Months
Total Work Hours: 37.5 Hours
Interview Process: 1-2 Rounds
NOTE: **PLEASE NOTE THIS POSITION WILL ALLOW CONSULTANT TO WORK A HYBRID REMOTE SCHEDULE.
UPON START DATE CONSULTANT WILL BE REQUIRED TO WORK FIRST MONTH FULLY ONSITE. ONCE WORK CAPABILITY IS ESTABLISHED, CONSULTANT WILL BE ALLOWED TO WORK A HYBRID REMOTE SCHEDULE CONSISTING OF 3 DAYS ONSITE/ 2 DAYS REMOTE. ASLO HOURS PER WEEK IS 37.5 NO OVERTIME**
Position Summary:
Role Overview
We are seeking a skilled Privileged Access Management (PAM) Engineer to join our cybersecurity team. This role will focus on securing privileged identities across Active Directory (AD), Entra ID, Linux, and major cloud platforms (Azure, AWS, and GCP). The PAM Engineer will design, implement, and maintain controls that ensure administrators and endpoints only have the access they need-at the right time and with the least privilege possible.
The ideal candidate will have strong expertise in vaulting platforms, endpoint privilege management, and zero-trust principles, with a proven track record of reducing attack surfaces and improving identity hygiene.
KEY RESPONSIBILITIES Privileged Identity Security
- Administer and enhance the corporate vaulting platform to manage privileged credentials across AD, Entra, Linux, and cloud platforms (Azure, AWS, GCP).
- Implement credential randomization for local/built-in administrator accounts, service accounts, and cloud root/admin accounts.
- Ensure time-bound, approval-based access for administrators following least privilege and just-in-time (JIT) principles.
Endpoint Privilege Management
- Implement and maintain endpoint least-privilege policies across Windows, Linux, and macOS environments.
- Replace standing local admin rights with controlled privilege elevation workflows.
- Apply application control and privilege granularity to reduce risks from malware, ransomware, and insider threats.
- Partner with desktop engineering teams to improve usability while enforcing strong endpoint controls.
Identity Hardening & Hygiene
- Lead local administrator cleanup projects and enforce removal of unauthorized admin rights.
- Harden Entra ID and cloud tenant hygiene by monitoring stale accounts, privileged roles, and excessive permissions.
- Apply ITDR (Identity Threat Detection & Response) practices to detect and mitigate suspicious privileged activity across on-prem and cloud platforms.
Security Architecture & Standards
- Contribute to enterprise Zero Trust architecture initiatives for hybrid and multi-cloud environments.
- Align privileged access controls with NIST standards and organizational policies.
- Drive adoption of passwordless authentication, MFA, and SSO for both on-prem and cloud privileged identities.
Cloud Identity & Access
- Manage and monitor privileged roles and accounts in Azure AD (Entra ID), AWS IAM, and GCP IAM.
- Implement least-privilege design for cloud workloads, service principals, keys, and secrets.
- Integrate cloud platform identities with PAM vaulting, session recording, and access approval workflows.
Identity Lifecycle Management
- Collaborate with IGA teams to automate provisioning, deprovisioning, and recertification of privileged accounts across on-prem and cloud.
- Ensure privileged entitlements are tied to clear business justification and ownership.
Documentation & Governance
- Create and maintain technical runbooks, architecture diagrams, and operational procedures.
- Provide reporting on privileged access usage, endpoint privilege management, hygiene metrics, and compliance results.
- Partner with audit, compliance, and risk teams to demonstrate control effectiveness.
Required Qualifications
- 3-5+ years of experience in PAM, IAM, or related security engineering roles.
- Hands-on experience with AD, Entra ID, Linux, and at least one major cloud platform (Azure, AWS, or GCP).
- Strong knowledge of vaulting technologies and endpoint privilege management practices (least privilege, privilege elevation, application control).
- Proficiency with authentication methods: MFA, SSO, passwordless, Kerberos, and certificate-based access.
- Familiarity with NIST 800-63B, Zero Trust frameworks, ITDR, and cloud security standards (CIS, CSA, etc.).
- Strong scripting/automation skills (PowerShell, Python, Bash, Terraform, etc.).
- Excellent documentation and communication abilities.
Preferred Qualifications
- Experience securing privileged access in multi-cloud environments (Azure, AWS, GCP).
- Knowledge of Entra ID Conditional Access, PIM, AWS IAM policies, and GCP IAM roles.
- Experience integrating PAM solutions with CI/CD pipelines, DevOps tools, or ITSM workflows.
Success in This Role Looks Like
- Reduction of standing local administrator rights and adoption of endpoint least-privilege controls.
- Demonstrated adoption of MFA, passwordless, vault-based workflows, and privilege elevation.
- Improved audit and compliance posture with clear reporting of privileged activity and endpoint control enforcement.
- Measurable reduction in attack surface through consistent identity hygiene and lifecycle management.
bout Us:
InterSources Inc , is a Small, Woman, and Minority-Owned Business Enterprise, ISO/IEC 27001, SOC 2 Type 2 certified company with massive 18+ years of diversified experience in providing IT Consulting Services, Artificial Intelligence, Data Analysis, Application Development, Cloud Services, Cybersecurity, Digital Marketing, ERP Management, Custom Software Development, Web Development, UI/ UX Design, System Integration, QA Support etc. We make reasonable accommodations for clients and employees, and we do not discriminate based on any protected attribute including race, religion, color, national origin, gender sexual orientation, gender identity, age, or marital status. We also are a Google Cloud and Oracle partner company.
Vacancy posted 10 hours ago
Similar jobs that could be interesting for youBased on the Privileged Access Management (PAM) Engineer in New York, NY vacancy
- ...We are seeking two skilled Privileged Access Management (PAM) Engineers for direct-hire, on-site positions in New York, NY or Alpharetta, GA. The successful candidates will design, implement, and support secure privileged access solutions while integrating AI-driven automation...Suggested
- ...Veteran Firm Seeking a Privileged Access Management (PAM) Engineer for a Hybrid Assignment in New York, NY My name is Stephen Hrutka. I lead a Veteran-Owned management consulting firm in Washington, DC. We specialize in Technical and Cleared Recruiting for the Department...SuggestedHourly pay
$95.86k - $208.27k
Senior Associate, Privileged Access Management Delivery Engineer KPMG is currently seeking a Senior Associate, Privileged Access Management Delivery Engineer... ...operationalization of Privileged Access Management (PAM) solutions as part of enterprise Identity & Access Management...SuggestedH1bLocal area$160k - $240k
A global financial services company in New York is seeking a Senior Software Engineer for its Identity & Privileged Access Management team. The ideal candidate will design scalable identity and access control services and engineer automation for managing credentials across...Suggested- Nscale, based in New York, is looking for a Staff Security Engineer who will focus on optimizing privileged access and access automation across enterprise systems. This role involves building workflows and security patterns to reduce risks associated with standing privileges...SuggestedFlexible hours
- primarily a traditional PAM (Privileged Access Management) Engineer role, with AI experience being a secondary requirement. The core focus is on strong PAM expertise, and candidates should be evaluated first and foremost on their hands‑on experience with PAM technologies...
- ...: Hybrid - 3 days per quarter The Access Management & Authentication Lead Engineer is a senior, hands-on technical leader... ..., session integrity, and privilege enforcement. Design and integrate... ...security gaps and risks related to IGA, PAM, WAM, MFA, cloud IAM, and workload...Local area
- Solution design for CyberArk Endpoint Privilege Manager (EPM). Serve as the EPM Subject Matter Expert (SME) to drive Policy-Based Access Control (PBAC) policy development. Lead integration... ...for business impacts related to CyberArk PAM/EPM solution deployments, including:...Local area
- ...are seeking a detail-oriented and proactive Identity & Access Management (IAM) Engineer to join our Information Security team. This role will be... ...Single Sign-On (SSO), Multi-Factor Authentication (MFA), and privileged access tools. Work with HR, IT, and business units to...Full timeFor contractorsSummer workWork at officeHome office
- HRUCKUS in New York, NY seeks an experienced Privileged Access Management (PAM) Engineer to design, implement, and support secure PAM solutions while integrating AI-driven automation. The role requires hands-on experience with CyberArk, BeyondTrust, Delinea, or One Identity...Hourly pay
- ...hour mealtime The Identity and Access Management (IAM) team seeks a highly motivated Engineer with the following... ...modernization of our critical IAM/PAM infrastructure. The IAM... ...Governance and Administration (IGA) and Privileged Access Management. This...Full timeWork at officeRemote work
- Seneca Resources is seeking a Privileged Access Management (PAM) Engineer to support a leading transportation organization in strengthening its cybersecurity posture. This hybrid role offers the opportunity to work on enterprise-level identity security initiatives while...For contractors
$125k - $150k
...Systems Engineer BBR Partners is a boutique wealth management firm that provides customized investment strategies and bespoke advice to high‑net‑worth... ...environments, including Entra ID, conditional access, MFA, and privileged access tools. Configure and maintain cloud...Full timeTemporary workCasual workWork at officeRemote workFlexible hours3 days per week- ...Overview The Systems Engineer is a key contributor to the performance, reliability,... ...best practices. Support identity and access management, including user provisioning, authentication... ...Directory, Azure AD, MFA, SSO, and privileged access controls. Strong knowledge of operating...
$140k - $165k
...trained and how business risk is managed. Our goal is to be the firm... ...-on, detail-oriented Systems Engineer focused on IAM and hybrid... ...responsibility for identity platforms, access controls, and core... ...based access controls (RBAC), privileged identity management (PIM), and...Work at office$51.46 per hour
...vertically integrated investment manager with expertise in a wide... .... Job Summary The Engineer will be responsible for assisting... ...operational understanding of systems; accessibility and understanding of the... ...receive other benefits and privileges of employment, please...For contractorsLocal areaImmediate startWeekend work- ...Position Name: Junior Project Engineer Reports to: Project Engineer... ...'s mission is to shoulder IT management, user support, and cybersecurity... ..., Teams, Intune, Conditional Access) Entra ID (Azure AD), Windows... ...Access, and least privilege access models. Why Join Atlas...Work at office
- Architect and manage Microsoft Hyper-V clusters including live migration... ...Design and implement Role-Based Access Control (RBAC) models aligned to least-privilege principles Perform AD health... ...experience in Windows infrastructure engineering or architecture role Deep hands-...
- Job Title: IT Project Engineer Reports to: Project Engineering Manager Type: Full-Time, Salaried, Exempt Employee Shift... ...considerations, including access controls, logging, data protection... ...Conditional Access controls Least privilege and role‑based access Logging and...Full timeWork at officeShift work
$104k - $210k
...member for the role of Forward Deployed Engineer to join our Engineering Hub Team. This... ...and maintain software functionality while managing technical debt. Apply security and... ...-for-performance philosophy. We provide access to flexible global resources and tools for...Temporary workWork experience placementWorldwideFlexible hours- IT Operations & Trust Engineer - Standard Template Labs About Us: Standard... ...IT Service and Configuration Management. Backed by leading investors,... .../offboarding, MFA, and access control through centralized... ...controls such as MFA enforcement, privileged access audits, and device...Full timeWork at officeLocal area
$75 - $80 per hour
...Position Overview Title: Identity and Access Management (IAM) Engineer Client: Department of Information Technology and Telecommunications Location: Hybrid Schedule (2 days onsite and 3 days remote) Projected Assignment Dates: July 27, 2026 – July 25, 2027 Work Schedule...Hourly payRemote workMonday to Friday$66.56k - $87.36k
...preventative maintenance to critical emergency response, while managing vendor relationships and inventory systems that keep our facilities... ...at 100% of salary* Paid Time Off and Company Holidays* Early access to earned wages through Daily PayAt JLL, we harness the power...Immediate startNight shift- ...Job Description Delivery Management with ITIL Experience Customer management Leading strategic discussions and roadmap with customer leadership... ...) Understanding of Cisco Wireless LAN Controllers and Access points IP routing and switching Understanding of Cisco ACI and...
$225k
...Bridgewater Associates is a premier asset management firm, focused on delivering unique... ...important edge. When we get it right, it’s the engine that powers everything else. About the... ...and confers no contractual rights, privileges, or benefits on any applicant or potential...Full timeContract workH1bWork at officeVisa sponsorship$110.26k
...shape a brighter way forward.**Operating Engineer- JLL****What this job involves:**As an... ...systems and building automation to energy management controls. We believe the most effective... ...Paid Time Off and Company Holidays* Early access to earned wages through Daily PayAt JLL,...ApprenticeshipWork experience placementLocal areaImmediate start$96k - $134k
...lifecycle through our core construction management services and complementary business lines... ...a program that provides employees with access to a wide variety of options that can be... ...ambitions and build your legacy. The Digital Engineering Group promotes a holistic approach to...Contract workTemporary workFor contractorsWork at office$110.26k
...a brighter way forward. Operating Engineer- JLL What this job involves: As... ...systems and building automation to energy management controls. We believe the most effective... ...Off and Company Holidays ~ Early access to earned wages through Daily Pay...Daily paidApprenticeshipWork experience placementLocal areaImmediate startMonday to Friday- Amtex Systems Inc. seeks a Microsoft Windows Active Directory Engineer to manage and secure enterprise AD infrastructure in a hybrid NYC... ...production. You will implement password automation, MFA, and PAM controls (e.g., CyberArk), design forests and trusts, and drive...
- ...expertise in design systems and AI-augmented engineering to a code-first foundation built to... ...Deliver high production-quality, accessible, sub-atomic code that other teams can build... ...financial transaction processing and asset management. We offer a competitive total...Immediate start
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Privileged Access Management (PAM) Engineer. Be the first to apply!
Related searches
- pest management New York, NY
- pain management New York, NY
- order management specialist New York, NY
- cash management service teller New York, NY
- management development specialist New York, NY
- material management specialist New York, NY
- entry level management training New York, NY
- sales management training program New York, NY
- wealth management intern New York, NY
- aviation management New York, NY


