Offer summary

Qualifications:

Strong experience in BeyondTrust PAM architecture and deployment, especially in hybrid cloud environments., Deep expertise with Microsoft SQL Server and PAM audit integration., Strong knowledge of Active Directory and group-based access control design., Scripting skills in PowerShell or Python for automation tasks..

Key responsibilities:

Lead the design, implementation, and management of BeyondTrust PAM solutions.

Collaborate with cross-functional teams to ensure PAM aligns with IT security architecture.

Automate credential lifecycle and access provisioning using scripting.

Support compliance audits by providing architectural documentation and access reports.

Job description

Key Responsibilities:

Lead the design, implementation, and management of enterprise-grade BeyondTrust PAM solutions.
Architect secure, scalable solutions integrating PAM with Active Directory, AWS IAM, and Microsoft SQL Server.
Design and implement IAM-PAM integration strategies to support access control across hybrid cloud environments.
Define and enforce least privilege access policies and Zero Trust security models.
Collaborate with cross-functional teams including Security, Infrastructure, and Cloud Engineering to ensure PAM aligns with overall IT security architecture.
Identify access patterns such as logins from unapproved hosts with db_owner roles and set up alerts or reports accordingly.
Automate credential lifecycle, session monitoring, and access provisioning using PowerShell or Python scripting.
Ensure alignment with regulatory and industry standards such as NIST, ISO 27001, and SOX.
Support compliance audits and internal assessments by providing architectural documentation and access reports.
Use audit data to define appropriate Active Directory security groups for PAM implementation:

PAM Auto-Approval group – users approved automatically
PAM Escalated Approval group – users requiring manual approval

Recommend and document access adjustment plans for users whose access will be modified under the new PAM framework.
Advise on on-prem PAM solutions (including pricing) for managing Remote Desktop and SQL Server access via AD groups.
Develop technical documentation including architecture diagrams, SOPs, and operational runbooks.

Required Qualifications:

Strong experience in BeyondTrust PAM architecture and deployment, especially within hybrid cloud environments.
Deep expertise with Microsoft SQL Server, particularly in PAM and audit integration.
Hands-on experience with AWS EC2, IAM, and monitoring services (CloudWatch, Security Hub, Guard Duty, etc.).
Strong knowledge of Active Directory, including group-based access control design and implementation.
Familiarity with auditing tools such as Log360Cloud, and experience configuring logging, dashboards, and alerting.
In-depth understanding of IAM-PAM integration models, including federated identity and session management.
Solid grasp of Zero Trust architecture, least privilege principles, and compliance frameworks.
Strong scripting skills in PowerShell, Python, or similar for automation and integration tasks.
Ability to produce detailed technical documentation and architecture designs.
BeyondTrust Certified Implementation Engineer (BCIE) or similar credentials.
Experience in access control for Remote Desktop and SQL Server using AD groups.
Knowledge of compliance frameworks (e.g., ISO 27001, SOX, NIST).
Previous experience in environments with mixed monitoring tools (ManageEngine, AWS-native tools, third-party APM solutions).