Job Title: Lead PAM (Privileged Access Management) Engineer
Location: Bury
Job Type: Full-Time
Job Description:
We are seeking a skilled and experienced Privileged Access Management (PAM) Engineer to deliver best-in-class design, implementation and management of our PAM solutions in a large-scale, fast-paced retail environment.
You will join the Identity & Access Management (IAM) team, reporting to the Head of IAM, within our growing Information Security function.
This role requires deep CyberArk expertise (both on-prem and cloud), strong operational knowledge and the ability to work effectively across security, infrastructure and DevOps teams.
Key Responsibilities:
- Design, deploy and manage CyberArk Privilege Cloud, including secure onboarding of privileged accounts, credential rotation policies and session monitoring.
- Support hybrid environments by integrating Privilege Cloud with on-prem infrastructure and identity sources (e.g. Active Directory)
- Collaborate with internal colleagues and teams to maintain optimal configuration, availability and performance.
- Engineering, support and maintenance of other CyberArk components such as PSM, CPMs, HTML5 gateways and PTA in hybrid and legacy environments.
- Implement PAM controls in alignment with internal security standards and data protection policies relevant to the retail sector
- Participate in security reviews and support audit activities related to privileged account governance
- Leverage CyberArk REST APIs and other automation frameworks to enable automated onboarding, reporting and policy enforcement
- Provide integration support across ITSM ticket systems, SIEMs and CI/CD pipelines to ensure secure DevOps practices.
- Perform regular health checks, maintenance, upgrades and incident resolution for CyberArk platforms
- Provide level 2/3 support for CyberArk-related issues and respond to alerts generated by Privilege Cloud or threat analytics tools.
- Document architecture, procedures and incident response playbooks.
- Work with Technology, Security and Application teams to understand privileged access needs across the organisation’s systems and cloud environments
- Educate internal teams on best practices for using CyberArk Privilege Cloud securely and efficiently.
Skills & Experience:
- Proven hands-on experience with CyberArk in hybrid environments
- Demonstrable experience of having performed the role of PAM Engineer
- Solid understanding of Active Directory, Windows/Linux systems, and cloud platforms (AWS, Azure, GCP)
- Experience with automation/scripting (PowerShell, Ansible, Python) and CyberArk’s REST APIs
- Excellent problem-solving skills and attention to detail
- Strong written and verbal communication and collaboration skills
- Detail-oriented with a strong security mindset and ability to think proactively.
Nice to have:
- Hands-on experience with CyberArk Conjur or CyberArk Secrets Manager (or similar Secrets Management solutions, e.g. HashiCorp Vault)
Preferred Qualifications:
- CyberArk Certified Defender (or better)
- Security certifications such as CISSP, CISM or CCSP are a plus.
- Knowledge of security frameworks, regulatory requirements and compliance standards (e.g. NIST, PCI DSS, GDPR).