City: Sant Just Desvern
State: Barcelona (ES-B)
Country: Spain (ES)
Overview
The PAM Specialist is part of the broader Bunge Global Identity and Access Management (IAM) team. You will play a central role in supporting and evolving our Privileged Access Management (PAM) platform, a critical component of our cybersecurity posture. This position is primarily focused on ensuring the stability, security, and integration of privileged access services across a complex, global environment. You will work closely with directory and authentication platforms such as Active Directory and Entra ID, ensuring seamless integration between PAM and core identity services. In this role, you will directly contribute to strengthening privileged access controls and advancing identity foundations within a hybrid enterprise landscape. This position offers a unique opportunity to work on privileged access at a global scale, where PAM is a critical control for cybersecurity and compliance. You will play a direct role in strengthening the organization’s security posture while contributing to broader identity modernization initiatives. You will operate in a highly complex international environment, collaborating with global teams and contributing to initiatives with direct visibility within cybersecurity leadership.
Main Responsibilities
* Support and operate global Privileged Access Management (PAM) services, ensuring high availability, security, and performance
* Manage and maintain directory services including Active Directory and Microsoft Entra ID, with a focus on enabling secure privileged access
* Integrate PAM solutions with core identity services to ensure consistent and controlled management of privileged accounts across on‑premises and cloud environments
* Manage privileged account onboarding, access provisioning, session management, and credential lifecycle processes
* Design and implement automation use cases for PAM operations, such as automated onboarding and offboarding of privileged accounts, credential rotation and password vault synchronization, just‑in‑time (JIT) privileged access provisioning, session initiation, monitoring and termination workflows
* Integration with ticketing systems (e.g., ServiceNow) for access requests and approvals
* Oversee and optimize domain services such as authentication, replication, and domain trust relationships, in support of privileged access use cases
* Support identity capabilities including Single Sign‑On (SSO), Multi‑Factor Authentication (MFA), and enterprise application integrations where they intersect with privileged access
* Troubleshoot and resolve complex issues related to PAM, directory services, and authentication mechanisms
* Collaborate with cybersecurity and infrastructure teams to enforce privileged access controls, audit requirements, and security best practices
* Contribute to ongoing PAM enhancements, automation initiatives, and operational efficiency improvements
* Explore opportunities for using Artificial Intelligence (AI) within the scope of IAM
Education & Experience
* Typically a Bachelor’s degree in Computer Science, Information Technology, or a related technical field. A Master’s degree is a plus
* 5+ years of progressively responsible experience in PAM and Directory Services within a large, global enterprise environment
* Working knowledge of PAM platforms (e.g., CyberArk, Okta, Segura)
* Strong understanding of PAM concepts including privileged account lifecycle, vaulting, session management, credential rotation, and least privilege enforcement
* Experience building or supporting automation within PAM environments, preferably using scripting (e.g., PowerShell) or API integrations
* Experience integrating PAM solutions with Active Directory, Entra ID, and enterprise applications
* Knowledge of privileged access controls, audit logging, and compliance requirements (e.g., SOX, internal audit)
* Relevant industry certifications such as MCSE: Core Infrastructure, Azure Administrator Associate, CISSP, ITIL Foundation, or equivalent are highly desirable
* Solid understanding of DNS, DHCP, Group Policy, LDAP, and Kerberos protocols
* Strong proficiency in scripting languages (e.g., PowerShell) for automation, administration, and reporting
* In‑depth knowledge of Identity and Access Management (IAM) principles and best practices, particularly related to privileged access, MFA, and authentication
Languages
* English (professional) required
* Other languages (e.g., Spanish) are a plus
#J-18808-Ljbffr