PAM Engineer / CyberArk

We are hiring PAM Lead - Temp to Hire in Tampa! W2 only, no visa sponsorship available.

The Privileged Access Management (PAM) Lead is responsible for leading, operating, and maturing clients Privileged Access Management (PAM) program using the CyberArk platform. This role serves as the primary CyberArk subject matter expert, ensuring effective privileged account lifecycle management, least privilege enforcement, privileged credential protection, and privileged access governance programs across both enterprise IT and Operational Technology (OT) environments.

This position works closely with IAM, Infrastructure, OT/SCADA Operations, Application Owners, Compliance, Risk, and Enterprise Architecture teams to enforce least privilege access, support regulatory requirements, and improve visibility into privileged and non-human access across the enterprise. The role is hands-on within the CyberArk platform and executes designs aligned to enterprise security architecture standards and critical infrastructure security requirements.

PRIMARY DUTIES AND RESPONSIBILITIES

Privileged Access Management (PAM – CyberArk)

• Serve as the enterprise lead and technical owner for the CyberArk PAM platform, providing hands-on leadership and subject matter expertise.

• Design, implement, and maintain:

o Privileged account onboarding and lifecycle management

o Least privilege and privileged access governance models

o Password vaulting, credential rotation, and session management capabilities

o Privileged access review and attestation campaigns, including administrative, service, shared, and OT privileged account reviews

• Configure and manage CyberArk workflows and platform components, including:

o Central Policy Manager (CPM)

o Privileged Session Manager (PSM)

o Privileged Vault

o Endpoint Privilege Manager (EPM), where applicable

• Lead onboarding of systems and applications into CyberArk in coordination with IAM, Infrastructure, OT/SCADA teams, and application SMEs, including:

o Privileged account discovery and onboarding

o Credential management and reconciliation

o Session management configuration

o Privileged access review design

• Support privileged access security across enterprise and OT/ICS environments, including:

o SCADA systems

o Industrial control systems (ICS)

o Windows and Linux operational servers

o Engineering workstations

o Network infrastructure devices

o Service and shared operational accounts

• Design and maintain CyberArk integration capabilities, including:

o Microsoft Entra ID (authentication, directory integration, SSO alignment)

o ServiceNow request and approval workflows

o Windows, Linux, databases, network devices, and enterprise applications

o SAP and other enterprise or custom applications

• Implement and tune CyberArk security and governance controls, including:

o Least privilege enforcement

o Just-in-Time (JIT) privileged access

o Shared and emergency access account governance

o Privileged credential rotation and policy enforcement

• Partner with Cyber Security and OT teams to support secure privileged access strategies for critical infrastructure environments while minimizing operational disruption to plant and grid operations.

• Support SOX, NERC CIP, and audit evidence requests by providing privileged access reports, session logs, credential governance evidence, and PAM documentation.

• Leverage CyberArk analytics, reporting, and dashboards to improve visibility into privileged access risk, unmanaged privileged accounts, excessive standing access, and operational technology access exposure.

• Maintain operational documentation, runbooks, procedures, and support models for PAM.

• Drive continuous improvement of PAM maturity, reducing standing privileged access, improving credential security, and strengthening privileged access monitoring and accountability.

RELATIONSHIPS

Key Internal:

IAM Team, Infrastructure Teams, OT/SCADA Operations Teams, Application Owners, Enterprise Architecture, Compliance, Risk, Audit, ServiceNow Team.

Key External:

CyberArk Professional Services, System Integrators, Auditors.

LICENSES / CERTIFICATIONS

Required:

From the list of certification vendors, one or more related Information Security or Identity certifications, or ability to obtain via self-study within one year of hire date

(e.g., ISC², ISACA, CompTIA, Microsoft, CyberArk).

Preferred:

CyberArk Defender or Sentry Certifications, Microsoft Identity certifications, CISA, CISM, CISSP, CRISC, ITIL v3 or v4.

RELATED EXPERIENCE

Required:

5–8 years of related Cyber Security or IT experience with a focus on privileged access management, identity security, or access management, including:

• PAM or IAM platforms

• Privileged account governance and onboarding

• Privileged access reviews and audit support

• Integration with enterprise applications and identity services

Preferred:

• Experience supporting OT/ICS/SCADA privileged access security within critical infrastructure or utility environments

• Familiarity with NERC CIP requirements and operational technology security controls

KNOWLEDGE / SKILLS / ABILITIES (KSA)

Required:

• Strong hands-on knowledge of CyberArk PAM configuration and operations

• Understanding of privileged account lifecycle management and least privilege principles

• Familiarity with IAM platforms such as Microsoft Entra ID

• Knowledge of privileged credential protection and session management

• Understanding of regulatory requirements impacting privileged access management

• Ability to collaborate with technical and business stakeholders

• Strong documentation and communication skills

• Attention to detail and commitment to continuous improvement

Preferred:

• Familiarity with OT/ICS/SCADA environments and operational technology security concepts

• Understanding of privileged access challenges within industrial and utility environments