Job ID: JOB_ID_861

Role Overview

The Senior Privileged Access Management (PAM) Engineer is a critical role within the cybersecurity infrastructure team, focusing on the protection of high-value assets and administrative credentials. As organizations face increasing threats from credential-based attacks, this position serves as the primary architect and implementer of security controls that govern how service accounts, non-human identities, and administrative users interact with enterprise systems. This role is available in both San Francisco, CA, and Cincinnati, OH, offering a hybrid or on-site presence in key technological hubs. The engineer will be responsible for the entire lifecycle of privileged access, from initial design to ongoing governance and optimization.

Key Responsibilities

  • Design and implement end-to-end PAM solutions that align with the Zero Trust security model and organizational risk appetite.
  • Enforce the principle of least privilege across all enterprise platforms, including cloud-native and legacy on-premise environments.
  • Develop and maintain secure jump infrastructure to facilitate controlled operational access for administrators and third-party vendors.
  • Automate privileged account lifecycle management, including automated discovery, onboarding, and password rotation.
  • Collaborate with Identity and Access Management (IAM), Network Security, and the Security Operations Center (SOC) to ensure integrated defense-in-depth.
  • Establish robust auditability and session recording protocols to meet stringent regulatory compliance requirements and internal policies.
  • Lead the technical authority for PAM architecture, providing expert guidance on best practices and emerging identity-based threats.
  • Reduce organizational risk by eliminating direct privileged access to sensitive systems and implementing “just-in-time” access.

Technical Requirements

  • Extensive experience with industry-leading PAM platforms such as CyberArk, BeyondTrust, or SailPoint.
  • Strong understanding of IAM protocols including SAML, OIDC, OAuth, and Kerberos.
  • Proficiency in scripting and automation using Python, PowerShell, or Bash to streamline security workflows.
  • Experience with cloud security controls in AWS, Azure, or GCP, specifically regarding IAM and secret management.
  • Knowledge of network security principles, including firewalls, VPNs, and micro-segmentation strategies.
  • Familiarity with regulatory frameworks such as SOX, HIPAA, PCI-DSS, or GDPR.

Operational Excellence and Leadership

Beyond technical implementation, the Senior PAM Engineer will drive operational excellence by establishing clear metrics for risk reduction. This includes monitoring the health of the PAM environment, troubleshooting complex integration issues, and ensuring high availability of security services. The role requires a leadership mindset, mentoring junior engineers and educating stakeholders on the importance of privileged access controls. By fostering a culture of security, the engineer ensures that PAM is not seen as a hurdle but as an enabler of secure business operations.

Strategic Impact

The Senior PAM Engineer will not only manage tools but will also drive the strategy for identity security. By implementing sophisticated access controls, the engineer will significantly reduce the attack surface and prevent lateral movement within the network. This role requires a proactive approach to identifying vulnerabilities in account management and developing scalable solutions to mitigate those risks. The successful candidate will be instrumental in transforming the organization’s security posture from reactive to proactive, ensuring that every privileged action is authenticated, authorized, and audited. This strategic oversight is vital for maintaining the integrity of the enterprise’s most sensitive data and systems in an increasingly hostile digital landscape.

Compensation & Location

Salary: $165,000 – $215,000 per year (Estimated)

Location: San Francisco, CA

Recruiter / Company – Contact Information

Recruiter / Employer: Savi Technologies INC.

Email: venkat.g@savi-tech.com

Interested in this position?
Apply via Email

Recruiter Notice:
To remove this job posting, please send an email from
venkat.g@savi-tech.com with the subject:

DELETE_JOB_ID_861

to delete@join-this.com.