IT Engineer, Privileged Access Management (PAM)
IT Engineer, Privileged Access Management (PAM)
Job Summary
The Privileged Access Management (PAM) Engineer reports to the Information Security Manager and is responsible for designing, implementing, and operating enterprise PAM capabilities using Microsoft Security technologies and related platforms. This role secures privileged identities and access to critical systems, enforces least‑privilege and Zero Trust principles, and supports regulatory and audit requirements.
The PAM Engineer collaborates closely with IAM, Security Operations, Infrastructure, and Application teams to reduce organizational risk while maintaining a secure and user‑friendly access model. The role may support security operations and incident response activities when privileged access is involved.
Duties/Responsibilities
Core PAM Engineering
Design, implement, and maintain PAM solutions across cloud and hybrid environments using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access, and related Microsoft security tooling
Onboard and manage privileged user, service, and application accounts, including credential vaulting, rotation, and lifecycle management
Configure and maintain Just‑In‑Time (JIT) access and privileged role workflows
Ensure all in‑scope systems, applications, vendors, and integrations are protected by PAM controls
Ensure availability, reliability, and security of PAM platforms and services
Monitoring, Detection & Incident Support
Monitor PAM‑related alerts and logs using Microsoft Sentinel and Defender XDR
Support investigation and response to incidents involving privileged account misuse or compromise
Collaborate with Security Operations and MSSPs to enhance PAM monitoring and detection use cases
Governance, Risk & Compliance Support
Support periodic access reviews and privileged role attestations
Maintain PAM documentation, standards, runbooks, and operational procedures
Provide input to security policies, standards, and annual review processes under the guidance of IT and Security leadership
Support audits and compliance reporting related to privileged access
Integration & Enablement
Integrate PAM controls with IAM, endpoint, cloud, SIEM, and application platforms
Partner with application owners and business stakeholders to define privileged access roles and requirements
Provide technical guidance and training to stakeholders on PAM processes and best practices
Automation & Continuous Improvement
Develop automation and scripting for PAM account management, reporting, and operational efficiency
Track PAM KPIs and apply metric driven improvements to reduce risk and operational friction
Evaluate emerging Microsoft security features and recommend roadmap enhancements
Required Technical Skills
Hands‑on experience with Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access, and Microsoft Defender products
Strong understanding of privileged access models, least‑privilege principles, and Zero Trust security architecture
Experience managing identities and access within Microsoft 365 and Azure environments
Experience with Windows platforms, Active Directory, and authentication/authorization concepts
Scripting or automation experience (PowerShell preferred)
Familiarity with SIEM/XDR platforms (Microsoft Sentinel and Defender XDR preferred)
Technical documentation and runbook development skills
Professional & Behavioral Skills
Strong communication skills with the ability to explain technical concepts to non‑technical audiences
Proven ability to collaborate across security, IT, and business teams
Strong analytical, troubleshooting, and problem‑solving skills
Ability to operate effectively in fast‑paced and regulated environments
Continuous‑learning mindset with adaptability to evolving security technologies
KPI
Description
Policy Implementation
Timely implementation and maintenance of PAM policies and controls
Incident Reduction
Reduction in privileged account-related security incidents
Audit Compliance
Compliance with internal and external audit requirements
Integration Success
Successful integration of Microsoft Security Suite components
Stakeholder Feedback
Positive feedback from stakeholders on PAM processes and support
Education & Experience
Bachelor’s degree in computer science, Information Technology, or a related field preferred
3+ years of experience in Microsoft Windows and Microsoft 365 environments with direct responsibility for identity or security controls
2+ years of hands‑on experience with Microsoft Azure, Entra ID, Defender, and Purview portals
Experience supporting hybrid (cloud and on‑premises) environments
Experience with application authentication (IdP) and authorization (IdM) concepts
Experience working across multiple concurrent projects in a dynamic environment
Preferred Experience & Certifications
Microsoft Certified: Identity and Access Administrator Associate
Microsoft Certified: Security Operations Analyst Associate
CISSP or equivalent security certification
Additional Microsoft Security certifications
Experience with IAM, Active Directory, Windows Server, SQL Server, or networking fundamentals (DNS, DHCP, LAN/WAN)
About ArchWell Health:
At ArchWell Health, we’re creating a community of caring designed to help our members stay healthy and engaged. By focusing on a strong provider-patient relationship, routine wellness, and staying active, our members enjoy a higher level of care and better quality of life after the age of 60. Everything we do is for seniors. We believe seniors should be heard, listened to, and given ample time by their physicians to live well later in life.
Our value-based care model is designed to prevent illnesses while keeping members healthy and happy in every aspect of their life. We deliver best-in-class primary care at comfortable, accessible neighborhood centers where older adults can feel at home and become part of a vibrant, wellness-focused community. We’re passionate about caring for older adults and united by the belief that caring has the power to change everything for our members.
ArchWell Health is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to their race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected classification.