Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Privileged Access Management (PAM) Engineer

InterSources

Title: Privileged Access Management (PAM) Engineer

Location: NYC NY

On-site/Remote/Hybrid: Hybrid 3 days onsite/2 days remote.

Duration: 12 Months
Total Work Hours: 37.5 Hours

Interview Process: 1-2 Rounds



NOTE: **PLEASE NOTE THIS POSITION WILL ALLOW CONSULTANT TO WORK A HYBRID REMOTE SCHEDULE.
UPON START DATE CONSULTANT WILL BE REQUIRED TO WORK FIRST MONTH FULLY ONSITE. ONCE WORK CAPABILITY IS ESTABLISHED, CONSULTANT WILL BE ALLOWED TO WORK A HYBRID REMOTE SCHEDULE CONSISTING OF 3 DAYS ONSITE/ 2 DAYS REMOTE. ASLO HOURS PER WEEK IS 37.5 NO OVERTIME**



Position Summary:

Role Overview
We are seeking a skilled Privileged Access Management (PAM) Engineer to join our cybersecurity team. This role will focus on securing privileged identities across Active Directory (AD), Entra ID, Linux, and major cloud platforms (Azure, AWS, and GCP). The PAM Engineer will design, implement, and maintain controls that ensure administrators and endpoints only have the access they need-at the right time and with the least privilege possible.
The ideal candidate will have strong expertise in vaulting platforms, endpoint privilege management, and zero-trust principles, with a proven track record of reducing attack surfaces and improving identity hygiene.



KEY RESPONSIBILITIES

Privileged Identity Security
- Administer and enhance the corporate vaulting platform to manage privileged credentials across AD, Entra, Linux, and cloud platforms (Azure, AWS, GCP).
- Implement credential randomization for local/built-in administrator accounts, service accounts, and cloud root/admin accounts.
- Ensure time-bound, approval-based access for administrators following least privilege and just-in-time (JIT) principles.



Endpoint Privilege Management
- Implement and maintain endpoint least-privilege policies across Windows, Linux, and macOS environments.
- Replace standing local admin rights with controlled privilege elevation workflows.
- Apply application control and privilege granularity to reduce risks from malware, ransomware, and insider threats.
- Partner with desktop engineering teams to improve usability while enforcing strong endpoint controls.



Identity Hardening & Hygiene
- Lead local administrator cleanup projects and enforce removal of unauthorized admin rights.
- Harden Entra ID and cloud tenant hygiene by monitoring stale accounts, privileged roles, and excessive permissions.
- Apply ITDR (Identity Threat Detection & Response) practices to detect and mitigate suspicious privileged activity across on-prem and cloud platforms.



Security Architecture & Standards
- Contribute to enterprise Zero Trust architecture initiatives for hybrid and multi-cloud environments.
- Align privileged access controls with NIST standards and organizational policies.
- Drive adoption of passwordless authentication, MFA, and SSO for both on-prem and cloud privileged identities.



Cloud Identity & Access
- Manage and monitor privileged roles and accounts in Azure AD (Entra ID), AWS IAM, and GCP IAM.
- Implement least-privilege design for cloud workloads, service principals, keys, and secrets.
- Integrate cloud platform identities with PAM vaulting, session recording, and access approval workflows.



Identity Lifecycle Management
- Collaborate with IGA teams to automate provisioning, deprovisioning, and recertification of privileged accounts across on-prem and cloud.
- Ensure privileged entitlements are tied to clear business justification and ownership.



Documentation & Governance
- Create and maintain technical runbooks, architecture diagrams, and operational procedures.
- Provide reporting on privileged access usage, endpoint privilege management, hygiene metrics, and compliance results.
- Partner with audit, compliance, and risk teams to demonstrate control effectiveness.



Required Qualifications
- 3-5+ years of experience in PAM, IAM, or related security engineering roles.
- Hands-on experience with AD, Entra ID, Linux, and at least one major cloud platform (Azure, AWS, or GCP).
- Strong knowledge of vaulting technologies and endpoint privilege management practices (least privilege, privilege elevation, application control).
- Proficiency with authentication methods: MFA, SSO, passwordless, Kerberos, and certificate-based access.
- Familiarity with NIST 800-63B, Zero Trust frameworks, ITDR, and cloud security standards (CIS, CSA, etc.).
- Strong scripting/automation skills (PowerShell, Python, Bash, Terraform, etc.).
- Excellent documentation and communication abilities.



Preferred Qualifications
- Experience securing privileged access in multi-cloud environments (Azure, AWS, GCP).
- Knowledge of Entra ID Conditional Access, PIM, AWS IAM policies, and GCP IAM roles.
- Experience integrating PAM solutions with CI/CD pipelines, DevOps tools, or ITSM workflows.



Success in This Role Looks Like
- Reduction of standing local administrator rights and adoption of endpoint least-privilege controls.
- Demonstrated adoption of MFA, passwordless, vault-based workflows, and privilege elevation.
- Improved audit and compliance posture with clear reporting of privileged activity and endpoint control enforcement.
- Measurable reduction in attack surface through consistent identity hygiene and lifecycle management.



bout Us:

InterSources Inc , is a Small, Woman, and Minority-Owned Business Enterprise, ISO/IEC 27001, SOC 2 Type 2 certified company with massive 18+ years of diversified experience in providing IT Consulting Services, Artificial Intelligence, Data Analysis, Application Development, Cloud Services, Cybersecurity, Digital Marketing, ERP Management, Custom Software Development, Web Development, UI/ UX Design, System Integration, QA Support etc. We make reasonable accommodations for clients and employees, and we do not discriminate based on any protected attribute including race, religion, color, national origin, gender sexual orientation, gender identity, age, or marital status. We also are a Google Cloud and Oracle partner company.
Vacancy posted 10 hours ago
Similar jobs that could be interesting for youBased on the Privileged Access Management (PAM) Engineer in New York, NY vacancy
  •  ...We are seeking two skilled Privileged Access Management (PAM) Engineers for direct-hire, on-site positions in New York, NY or Alpharetta, GA. The successful candidates will design, implement, and support secure privileged access solutions while integrating AI-driven automation... 
    Suggested

    Macpower Digital Assets Edge

    New York, NY
    4 days ago
  •  ...Veteran Firm Seeking a Privileged Access Management (PAM) Engineer for a Hybrid Assignment in New York, NY My name is Stephen Hrutka. I lead a Veteran-Owned management consulting firm in Washington, DC. We specialize in Technical and Cleared Recruiting for the Department... 
    Suggested
    Hourly pay

    HRUCKUS LLC

    New York, NY
    1 day ago
  • $95.86k - $208.27k

    Senior Associate, Privileged Access Management Delivery Engineer KPMG is currently seeking a Senior Associate, Privileged Access Management Delivery Engineer...  ...operationalization of Privileged Access Management (PAM) solutions as part of enterprise Identity & Access Management... 
    Suggested
    H1b
    Local area

    Sarasota Memorial Hospital

    New York, NY
    4 days ago
  • $160k - $240k

    A global financial services company in New York is seeking a Senior Software Engineer for its Identity & Privileged Access Management team. The ideal candidate will design scalable identity and access control services and engineer automation for managing credentials across... 
    Suggested

    Bloomberg

    New York, NY
    2 days ago
  • Nscale, based in New York, is looking for a Staff Security Engineer who will focus on optimizing privileged access and access automation across enterprise systems. This role involves building workflows and security patterns to reduce risks associated with standing privileges... 
    Suggested
    Flexible hours

    Nscale

    New York, NY
    2 days ago
  • primarily a traditional PAM (Privileged Access Management) Engineer role, with AI experience being a secondary requirement. The core focus is on strong PAM expertise, and candidates should be evaluated first and foremost on their hands‑on experience with PAM technologies... 

    Akaasa Technologies

    New York, NY
    2 days ago
  •  ...: Hybrid - 3 days per quarter The Access Management & Authentication Lead Engineer is a senior, hands-on technical leader...  ..., session integrity, and privilege enforcement. Design and integrate...  ...security gaps and risks related to IGA, PAM, WAM, MFA, cloud IAM, and workload... 
    Local area

    New York Life

    New York, NY
    2 days ago
  • Solution design for CyberArk Endpoint Privilege Manager (EPM). Serve as the EPM Subject Matter Expert (SME) to drive Policy-Based Access Control (PBAC) policy development. Lead integration...  ...for business impacts related to CyberArk PAM/EPM solution deployments, including:... 
    Local area

    Prophecy Technologies

    New York, NY
    2 days ago
  •  ...are seeking a detail-oriented and proactive Identity & Access Management (IAM) Engineer to join our Information Security team. This role will be...  ...Single Sign-On (SSO), Multi-Factor Authentication (MFA), and privileged access tools. Work with HR, IT, and business units to... 
    Full time
    For contractors
    Summer work
    Work at office
    Home office

    J.Crew

    New York, NY
    2 days ago
  • HRUCKUS in New York, NY seeks an experienced Privileged Access Management (PAM) Engineer to design, implement, and support secure PAM solutions while integrating AI-driven automation. The role requires hands-on experience with CyberArk, BeyondTrust, Delinea, or One Identity... 
    Hourly pay

    HRUCKUS

    New York, NY
    2 days ago
  •  ...hour mealtime The Identity and Access Management (IAM) team seeks a highly motivated Engineer with the following...  ...modernization of our critical IAM/PAM infrastructure. The IAM...  ...Governance and Administration (IGA) and Privileged Access Management. This... 
    Full time
    Work at office
    Remote work

    Texas State Library and Archives Commision

    New York, NY
    11 hours ago
  • Seneca Resources is seeking a Privileged Access Management (PAM) Engineer to support a leading transportation organization in strengthening its cybersecurity posture. This hybrid role offers the opportunity to work on enterprise-level identity security initiatives while... 
    For contractors

    Seneca Resources

    New York, NY
    2 days ago
  • $125k - $150k

     ...Systems Engineer BBR Partners is a boutique wealth management firm that provides customized investment strategies and bespoke advice to high‑net‑worth...  ...environments, including Entra ID, conditional access, MFA, and privileged access tools. Configure and maintain cloud... 
    Full time
    Temporary work
    Casual work
    Work at office
    Remote work
    Flexible hours
    3 days per week

    Chris Baily

    New York, NY
    2 days ago
  •  ...Overview The Systems Engineer is a key contributor to the performance, reliability,...  ...best practices. Support identity and access management, including user provisioning, authentication...  ...Directory, Azure AD, MFA, SSO, and privileged access controls. Strong knowledge of operating... 

    PRI Technology

    New York, NY
    4 days ago
  • $140k - $165k

     ...trained and how business risk is managed. Our goal is to be the firm...  ...-on, detail-oriented Systems Engineer focused on IAM and hybrid...  ...responsibility for identity platforms, access controls, and core...  ...based access controls (RBAC), privileged identity management (PIM), and... 
    Work at office

    Cravath Swaine

    New York, NY
    4 days ago
  • $51.46 per hour

     ...vertically integrated investment manager with expertise in a wide...  .... Job Summary The Engineer will be responsible for assisting...  ...operational understanding of systems; accessibility and understanding of the...  ...receive other benefits and privileges of employment, please... 
    For contractors
    Local area
    Immediate start
    Weekend work

    RXR

    New York, NY
    2 days ago
  •  ...Position Name: Junior Project Engineer Reports to: Project Engineer...  ...'s mission is to shoulder IT management, user support, and cybersecurity...  ..., Teams, Intune, Conditional Access) Entra ID (Azure AD), Windows...  ...Access, and least privilege access models. Why Join Atlas... 
    Work at office

    Atlas Technica

    New York, NY
    1 day ago
  • Architect and manage Microsoft Hyper-V clusters including live migration...  ...Design and implement Role-Based Access Control (RBAC) models aligned to least-privilege principles Perform AD health...  ...experience in Windows infrastructure engineering or architecture role Deep hands-... 

    Stone Search, LLC

    New York, NY
    2 days ago
  • Job Title: IT Project Engineer Reports to: Project Engineering Manager Type: Full-Time, Salaried, Exempt Employee Shift...  ...considerations, including access controls, logging, data protection...  ...Conditional Access controls Least privilege and role‑based access Logging and... 
    Full time
    Work at office
    Shift work

    Atlas Technica

    New York, NY
    2 days ago
  • $104k - $210k

     ...member for the role of Forward Deployed Engineer  to join our Engineering Hub Team. This...  ...and maintain software functionality while managing technical debt. Apply security and...  ...-for-performance philosophy. We provide access to flexible global resources and tools for... 
    Temporary work
    Work experience placement
    Worldwide
    Flexible hours

    BNY

    New York, NY
    17 days ago
  • IT Operations & Trust Engineer - Standard Template Labs About Us: Standard...  ...IT Service and Configuration Management. Backed by leading investors,...  .../offboarding, MFA, and access control through centralized...  ...controls such as MFA enforcement, privileged access audits, and device... 
    Full time
    Work at office
    Local area

    Standard Template Labs

    New York, NY
    2 days ago
  • $75 - $80 per hour

     ...Position Overview Title: Identity and Access Management (IAM) Engineer Client: Department of Information Technology and Telecommunications Location: Hybrid Schedule (2 days onsite and 3 days remote) Projected Assignment Dates: July 27, 2026 – July 25, 2027 Work Schedule... 
    Hourly pay
    Remote work
    Monday to Friday

    Network ESC A Division of Network Temps, Inc.

    New York, NY
    4 days ago
  • $66.56k - $87.36k

     ...preventative maintenance to critical emergency response, while managing vendor relationships and inventory systems that keep our facilities...  ...at 100% of salary* Paid Time Off and Company Holidays* Early access to earned wages through Daily PayAt JLL, we harness the power... 
    Immediate start
    Night shift

    Jones Lang LaSalle Incorporated

    New York, NY
    4 days ago
  •  ...Job Description Delivery Management with ITIL Experience Customer management Leading strategic discussions and roadmap with customer leadership...  ...) Understanding of Cisco Wireless LAN Controllers and Access points IP routing and switching Understanding of Cisco ACI and... 

    Openkyber

    New York, NY
    2 days ago
  • $225k

     ...Bridgewater Associates is a premier asset management firm, focused on delivering unique...  ...important edge. When we get it right, it’s the engine that powers everything else. About the...  ...and confers no contractual rights, privileges, or benefits on any applicant or potential... 
    Full time
    Contract work
    H1b
    Work at office
    Visa sponsorship

    Bridgewater Associates

    New York, NY
    1 day ago
  • $110.26k

     ...shape a brighter way forward.**Operating Engineer- JLL****What this job involves:**As an...  ...systems and building automation to energy management controls. We believe the most effective...  ...Paid Time Off and Company Holidays* Early access to earned wages through Daily PayAt JLL,... 
    Apprenticeship
    Work experience placement
    Local area
    Immediate start

    Jones Lang LaSalle Incorporated

    New York, NY
    17 hours ago
  • $96k - $134k

     ...lifecycle through our core construction management services and complementary business lines...  ...a program that provides employees with access to a wide variety of options that can be...  ...ambitions and build your legacy. The Digital Engineering Group promotes a holistic approach to... 
    Contract work
    Temporary work
    For contractors
    Work at office

    Unavailable

    New York, NY
    17 hours ago
  • $110.26k

     ...a brighter way forward. Operating Engineer- JLL What this job involves: As...  ...systems and building automation to energy management controls. We believe the most effective...  ...Off and Company Holidays ~ Early access to earned wages through Daily Pay... 
    Daily paid
    Apprenticeship
    Work experience placement
    Local area
    Immediate start
    Monday to Friday

    JLL

    New York, NY
    2 days ago
  • Amtex Systems Inc. seeks a Microsoft Windows Active Directory Engineer to manage and secure enterprise AD infrastructure in a hybrid NYC...  ...production. You will implement password automation, MFA, and PAM controls (e.g., CyberArk), design forests and trusts, and drive... 

    Amtex Systems Inc

    New York, NY
    2 days ago
  •  ...expertise in design systems and AI-augmented engineering to a code-first foundation built to...  ...Deliver high production-quality, accessible, sub-atomic code that other teams can build...  ...financial transaction processing and asset management. We offer a competitive total... 
    Immediate start

    J.P. Morgan

    New York, NY
    23 hours ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Privileged Access Management (PAM) Engineer. Be the first to apply!