City: Sant Just Desvern
State: Barcelona (ES-B)
Country: Spain (ES)
Overview
The PAM Specialist is part of the broader Bunge Global Identity and Access Management (IAM) team. You will play a central role in supporting and evolving our Privileged Access Management (PAM) platform, a critical component of our cybersecurity posture. This position is primarily focused on ensuring the stability, security, and integration of privileged access services across a complex, global environment. You will work closely with directory and authentication platforms such as Active Directory and Entra ID, ensuring seamless integration between PAM and core identity services. In this role, you will directly contribute to strengthening privileged access controls and advancing identity foundations within a hybrid enterprise landscape. This position offers a unique opportunity to work on privileged access at a global scale, where PAM is a critical control for cybersecurity and compliance. You will play a direct role in strengthening the organization's security posture while contributing to broader identity modernization initiatives. You will operate in a highly complex international environment, collaborating with global teams and contributing to initiatives with direct visibility within cybersecurity leadership.
Main Responsibilities
Support and operate global Privileged Access Management (PAM) services, ensuring high availability, security, and performance
Manage and maintain directory services including Active Directory and Microsoft Entra ID, with a focus on enabling secure privileged access
Integrate PAM solutions with core identity services to ensure consistent and controlled management of privileged accounts across on‐premises and cloud environments
Manage privileged account onboarding, access provisioning, session management, and credential lifecycle processes
Design and implement automation use cases for PAM operations, such as automated onboarding and offboarding of privileged accounts, credential rotation and password vault synchronization, just‐in‐time (JIT) privileged access provisioning, session initiation, monitoring and termination workflows
Integration with ticketing systems (e.g., ServiceNow) for access requests and approvals
Oversee and optimize domain services such as authentication, replication, and domain trust relationships, in support of privileged access use cases
Support identity capabilities including Single Sign‐On (SSO), Multi‐Factor Authentication (MFA), and enterprise application integrations where they intersect with privileged access
Troubleshoot and resolve complex issues related to PAM, directory services, and authentication mechanisms
Collaborate with cybersecurity and infrastructure teams to enforce privileged access controls, audit requirements, and security best practices
Contribute to ongoing PAM enhancements, automation initiatives, and operational efficiency improvements
Explore opportunities for using Artificial Intelligence (AI) within the scope of IAM
Education & Experience
Typically a Bachelor's degree in Computer Science, Information Technology, or a related technical field. A Master's degree is a plus
5+ years of progressively responsible experience in PAM and Directory Services within a large, global enterprise environment
Working knowledge of PAM platforms (e.g., CyberArk, Okta, Segura)
Strong understanding of PAM concepts including privileged account lifecycle, vaulting, session management, credential rotation, and least privilege enforcement
Experience building or supporting automation within PAM environments, preferably using scripting (e.g., PowerShell) or API integrations
Experience integrating PAM solutions with Active Directory, Entra ID, and enterprise applications
Knowledge of privileged access controls, audit logging, and compliance requirements (e.g., SOX, internal audit)
Relevant industry certifications such as MCSE: Core Infrastructure, Azure Administrator Associate, CISSP, ITIL Foundation, or equivalent are highly desirable
Solid understanding of DNS, DHCP, Group Policy, LDAP, and Kerberos protocols
Strong proficiency in scripting languages (e.g., PowerShell) for automation, administration, and reporting
In‐depth knowledge of Identity and Access Management (IAM) principles and best practices, particularly related to privileged access, MFA, and authentication
Languages
English (professional) required
Other languages (e.g., Spanish) are a plus
#J-18808-Ljbffr