Privileged Access Management (PAM) Engineer
Client: International Organization
Location:
* Option 1 – Valencia, Spain, or willing to relocate (preferred location).
* Option 2 – Other locations in EU or LATAM.
Daily Rate: Based on experience and budget availability
Duration of the mission: Initial 3 Months.
DropaCode is looking for a Privileged Access Management (PAM) Engineer for one of our international clients. The role covers the deployment, administration, and operational management of PAM solutions, ensuring secure onboarding, governance, and lifecycle management of privileged accounts and secrets across on-premises and cloud environments.
This role could be hybrid from Europe/LATAM or onsite in the Valencia office.
You will be responsible for:
* Install, configure, and maintain CyberArk components including Vault, PVWA, CPM, PSM, PTA, and Conjur.
* Perform onboarding of privileged accounts across platforms such as Windows, Linux, databases (Oracle, SQL), cloud, and application environments, ensuring proper classification and secure vaulting.
* Manage end-to-end privileged account lifecycle including inventory collection, validation, ownership mapping, approval coordination, and onboarding.
* Implement and manage Just-in-Time (JIT) privileged access and session management controls.
* Enforce password and credential management policies including automated password rotation, password complexity enforcement, and secure credential storage.
* Manage secrets for applications using Conjur or equivalent secrets management solutions.
* Identify and manage accounts requiring special handling (e.g., service accounts, shared accounts, non-rotating accounts), ensuring appropriate controls and risk mitigation.
* Monitor password compliance and remediate accounts not adhering to defined rotation or policy standards.
* Provide Level 2/3 support for PAM-related incidents and service requests.
* Troubleshoot issues related to CyberArk and integrations with Active Directory, Entra ID (Azure AD), IAM tools, SIEM platforms, and ServiceNow.
* Perform regular health checks, system monitoring, patching, and upgrades of CyberArk infrastructure.
* Automate PAM processes using scripting and APIs (PowerShell, Python, REST APIs, psPAS) to reduce manual effort.
* Support bulk onboarding and large-scale privileged account management through automation and standardized methods.
* Design and support integrations between PAM and enterprise IAM systems (e.g., SailPoint, Saviynt, Entra ID) for identity lifecycle and access governance alignment.
* Maintain documentation including SOPs, onboarding procedures, runbooks, and automation scripts.
* Collaborate with application, infrastructure, and cloud teams to enforce least privilege access and secure credential usage.
* Participate in audit and compliance activities by providing evidence, reporting, and demonstrating control effectiveness.
* Support governance activities including account recertification, ownership validation, and compliance monitoring.
For this role you will need the following skills and qualifications:
* Bachelor’s degree in Computer Science, Information Security, or related field.
* 4–8 years of experience in IT security, IAM, or PAM engineering.
* Strong hands-on experience with CyberArk PAM suite (Vault, CPM, PSM, PVWA).
* Experience with CyberArk Conjur or other enterprise secrets management solutions.
* Strong understanding of Just-in-Time (JIT) access and privileged session management.
* Experience integrating PAM with IAM platforms (e.g., SailPoint, Saviynt, Entra ID / Azure AD).
* Experience managing privileged access in cloud environments (Azure, AWS).
* Strong understanding of Windows, Linux, Active Directory, and database systems (Oracle, SQL).
* Strong scripting and automation experience (PowerShell, Python, REST APIs).
* Experience with ITSM tools such as ServiceNow and incident/change management processes.
* Knowledge of security controls, audit frameworks, and compliance standards.
* Strong analytical and problem-solving skills.
Preferred qualifications:
* CyberArk Defender / Sentry certification.
* Experience implementing Conjur in DevOps / CI-CD environments.
* Experience with Privileged Threat Analytics (PTA) or advanced monitoring tools.
* Exposure to container platforms (Kubernetes, OpenShift) and secrets management.
* Familiarity with Zero Trust security architecture.
Soft skills:
* Strong analytical and troubleshooting abilities.
* Ability to work independently and within cross-functional teams.
* Excellent communication skills with both technical and non-technical stakeholders.
* Attention to detail and commitment to security best practices.