Senior PAM Engineer

Job Type:Permanent

Location:Hybrid – Edinburgh, Telfordor Birmingham office. Expected 1–2 days per week in office, subject to business needs.

Flexible working:All of our roles are open to part-time, job-share and other types of flexibility. We will discuss what is important to you and balancing this with business requirements during the recruitment process. You can read more about Phoenix Flex here.

Closing Date:08/12/2025

Salary and benefits: £45,000 - £60,000 plus 16% bonus up to 32%, private medical cover, 38 days annual leave, excellent pension, 12x salary life assurance, career breaks, income protection, 3x volunteering days and much more

We want to be the best place that any of our 6,600 colleagues have ever worked.

We’re Phoenix Group, we’re a long-term savings and retirement business. We offer a range of products across our market-leading brands, Standard Life, SunLife, Phoenix Life and ReAssure. Around 1 in 5 people in the UK has a pension with us. We’re a FTSE 100 organisation that is tackling key issues such as transitioning our portfolio to net zero by 2050, and we’re not done yet.

As a Senior Privileged Access Management (PAM) Engineer, you’ll lead the design, implementation, and optimisation of Phoenix Group’s PAM services. You’ll be responsible for engineering secure, scalable solutions using CyberArk and related technologies, ensuring privileged accounts are managed in line with Zero Trust principles. You’ll work closely with architecture, infrastructure, and application teams to deliver robust controls that protect critical systems and sensitive data.

• Design and solutionise PAM architectures using CyberArk and its modules (Vault, PSM, CPM, EPM, SIA).
• Define and maintain onboarding processes for privileged accounts across Windows, Linux, cloud, and SaaS platforms.
• Integrate PAM with identity platforms (Microsoft Entra ID) and SIEM (Sentinel) for centralised monitoring and alerting.
• Work with projects and business units to embed PAM controls into new solutions and services.
• Automate PAM workflows using scripts (PowerShell, Python) to improve efficiency and reduce operational risk.
• Establish policies for credential rotation, session recording, and least-privilege access.
• Troubleshoot complex PAM issues and provide escalation support for critical incidents.
• Support audit and compliance activities with accurate documentation and evidence of control effectiveness.
• Mentor junior engineers and contribute to knowledge sharing across the team.

• Demonstrable experience designing and optimising PAM solutions using CyberArk in complex enterprise environments.
• Hands‑on expertise across CyberArk modules (Vault, PSM, CPM, EPM, SIA).
• Experience with CyberArk Privilege Cloud is highly desirable.
• Knowledge of Microsoft Entra ID integration for identity‑driven security.
• Strong scripting skills (PowerShell, Python) for automation and operational efficiency.
• Ability to engage with projects and stakeholders to embed PAM controls effectively.
• Understanding of Zero Trust principles and their application to privileged access.
• Awareness of regulatory and compliance standards (e.g., ISO 27001, NIST, GDPR, ISF Standard of Good Practice).

We are committed to ensuring that everyone feels accepted and welcome applicants from all backgrounds. If your experience looks different from what we’ve advertised and you believe that you can bring value to the role, we’d love to hear from you.

If you require any adjustments to the recruitment process, please let us know so we can help you to be at your best.

Please note that we reserve the right to remove adverts earlier than the advertised closing date. We encourage you to apply at the earliest opportunity.

• Guide for Candidates: thephoenixgroup.pagetiger.com/guideforcandidates
• Find or get answers from our colleagues: www.thephoenixgroup.com/careers/talk-to-us