Privileged Access Management (PAM) Consultant

Description

Job Title: Privileged Access Management (PAM) Consultant

Location: UK

Job Type: Contract

Experience Level: Senior

We are seeking a highly experienced Privileged Access Management (PAM) Consultant to lead the assessment and strategic planning of PAM solutions within a complex hosting infrastructure. This role focuses on evaluating existing access control mechanisms, identifying risks associated with over-privileged accounts, and recommending scalable PAM solutions tailored to diverse operating systems and on-premises environments.

• Conduct comprehensive assessments of internal infrastructure to identify privileged access risks and gaps.
• Analyze current access provisioning models, especially where elevated permissions (e.g., root, Admin access) are broadly granted.
• Analyze existing access control models and recommend enhancements using RBAC, ABAC, and least privilege principles.
• Design PAM architectures that support secure delegation of access across diverse platforms.
• Design and recommend PAM strategies that enforce least privilege, improve auditability, and enhance operational security.
• Evaluate and compare PAM solutions (e.g., CyberArk, BeyondTrust, Delinea) based on technical fit, scalability, and integration capabilities.
• Document findings in detailed reports including architecture diagrams, risk assessments, and implementation roadmaps.
• Collaborate with infrastructure, security, and operations teams to align PAM strategies with business and technical requirements.
• Support PoC and pilot deployments to validate solution effectiveness.
• Provide technical guidance on session monitoring, credential vaulting, access workflows, and policy enforcement.

• Experience in PAM consulting and implementation, with a strong focus on environmental assessment and solution design.
• Strong expertise in RBAC and ABAC models, including policy design and enforcement.
• Deep understanding of on-premises infrastructure and hosting environments.
• Hands-on experience with Windows, Linux, Solaris, and AIX server platforms.
• Familiarity with Active Directory, LDAP, SSH key management, and service account governance.
• Experience with PAM tools such as CyberArk, BeyondTrust, Delinea, etc
• Experience with identity federation, directory services, and authentication protocols (e.g., Kerberos, SAML, OAuth)
• Strong analytical skills to assess complex environments and recommend tailored solutions.
• Excellent documentation and presentation skills for technical and executive audiences.

• Certifications in PAM technologies (e.g., CyberArk Defender/Sentry, BeyondTrust Certified).
• Experience with scripting (PowerShell, Bash, Python) for automation and discovery.
• Knowledge of compliance frameworks such as ISO 27001, SOC 2, PCI-DSS, or NIST.

We are an equal opportunities employer and welcome applications from all suitably qualified persons. SC required, or lapsed SC or SC can be provided if eligible