PAM Engineer - BeyondTrust & HashiCorp Vault

Privileged Access Management (PAM) Engineer

About The Role

We are seeking a highly skilled Privileged Access Management (PAM) Engineer to design, implement, and support enterprise privileged access solutions. This role will focus on securing critical systems and sensitive data using BeyondTrust technologies and HashiCorp Vault, while driving automation, compliance, and operational excellence across hybrid environments.

In This Role, You Will

• Administer and maintain BeyondTrust Password Safe (PWS) and Privileged Remote Access (PRA) solutions.
• Manage privileged accounts, credential lifecycle, password rotation, and access request workflows.
• Configure and maintain session management, auditing, reporting, and alerting controls.
• Implement and support HashiCorp Vault including secrets engines, authentication methods, and policies.
• Develop and maintain automation scripts (PowerShell, Python) to streamline PAM operations and integrations.
• Integrate PAM platforms with enterprise systems such as ServiceNow, SIEM tools, and APIs.
• Design and implement secure PAM architecture across on-premises and cloud environments.
• Monitor and troubleshoot credential issues, access failures, and system performance.
• Support internal and external security audits and compliance requirements (SOX, PCI-DSS, ISO, NIST).
• Enforce least privilege and zero-trust principles for privileged access control.
  
  

We strive to provide flexibility wherever possible. Based on this role’s business requirements, this is a remote position open to qualified applicants in the United States. Regardless of your working arrangement, we are here to support a healthy work-life balance though our various wellbeing programs.

The working arrangements for this role are accurate as of the date of posting. This may change based on the project you’re engaged in, as well as business and client requirements. Rest assured; we will always be clear about role expectations.

Required Qualifications

• 2 years of hands-on experience with:
• BeyondTrust Password Safe (PWS) administration
• BeyondTrust Privileged Remote Access (PRA)
• HashiCorp Vault (secrets management, authentication, and policies)
• Strong understanding of PAM architecture, credential management, and access control models.
• Proficiency in PowerShell and Python scripting, including REST API integrations.
• Experience working with Active Directory, Windows/Linux environments, and enterprise systems.
• Knowledge of security best practices, compliance frameworks, and auditing requirements.
• Strong analytical, troubleshooting, and problem-solving skills.
  

Preferred Qualifications

• Experience with Kubernetes and container security practices.
• Familiarity with Multi-Factor Authentication (MFA) solutions (e.g., Okta, Duo, Microsoft Authenticator).
• Exposure to cloud platforms (Azure, AWS, GCP) and cloud-native secrets management tools.
• Knowledge of CI/CD pipelines, Infrastructure as Code (IaC), and Git workflows.
• Understanding of modern security concepts such as Zero Trust and MITRE ATT&CK.
  
  

Salary And Other Compensation

Applications will be accepted until June 26, 2025.

The annual salary for this position is between $84,000 - $134,000 depending on experience and other qualifications of the successful candidate.

This position is also eligible for Cognizant’s discretionary annual incentive program, based on performance and subject to the terms of Cognizant’s applicable plans.

Benefits: Cognizant offers the following benefits for this position, subject to applicable eligibility requirements:

• Medical/Dental/Vision/Life Insurance
• Paid holidays plus Paid Time Off
• 401(k) plan and contributions
• Long-term/Short-term Disability
• Paid Parental Leave
• Employee Stock Purchase Plan
  
  

Disclaimer: The salary, other compensation, and benefits information is accurate as of the date of this posting. Cognizant reserves the right to modify this information at any time, subject to applicable law.