Identity Management Consultant

Privileged Access Management (PAM) Engineer

Location: Vienna, VA

Employment Type: W2 Contract

Hourly Rate: $72 W2

We are seeking a highly skilled Privileged Access Management (PAM) Engineer to join our cybersecurity team. In this role, you will support, enhance, and evolve our enterprise PAM environment while working closely with security, infrastructure, and application teams across the organization. The ideal candidate has hands-on experience with CyberArk or similar PAM platforms and a strong background in enterprise identity security.

Responsibilities

• Operate and maintain enterprise PAM technologies, including account management, secrets management, and system patching.
• Lead and contribute to projects delivering new PAM features, security enhancements, and software updates.
• Automate administration tasks and integrate PAM with external systems and services.
• Support PAM strategy through discovery, gap analysis, onboarding, and ongoing service improvement.
• Design, configure, and maintain PAM solutions across AIX, RHEL, Windows, and Mainframe environments.
• Integrate PAM tools with technologies such as ServiceNow, hosting platforms, IGA tools, SIEM, and other enterprise systems.
• Provide security consultation to internal teams on identity and data protection best practices.
• Create and maintain documentation, diagrams, and inventories for PAM processes and infrastructure.
• Monitor PAM infrastructure for performance, capacity, and licensing needs; provide regular reporting to leadership.
• Participate in an on-call rotation supporting production PAM systems.

Qualifications

• Bachelor’s degree in Computer Science, IT, or related field.
• 5–7 years of experience administering and maintaining PAM solutions (CyberArk, BeyondTrust, Delinea).
• Experience delivering large security projects within SAFe, Scrum, or Kanban frameworks.
• Strong background supporting enterprise IT environments, preferably in financial services.
• Experience with identity and access management tools (Microsoft, CyberArk, Saviynt, ServiceNow, RSA, etc.).
• Hands-on administration experience with Active Directory, Azure AD, PKI, Federation Services, RSA, and other core identity technologies.
• Advanced communication, analytical, and problem-solving skills.
• Experience developing automation using PowerShell (Windows) and Bash (Linux/UNIX).
• Understanding of PAM integrations with common enterprise resources including Windows, Linux/UNIX, VMware, Azure, SQL/Oracle/DB2, network appliances, and Mainframe.
• Familiarity with change control processes and production discipline.

Preferred Qualifications

• CyberArk certifications (Defender, Sentry, Guardian).
• Experience building and deploying PSM and CPM connectors.
• Scripting and automation background (including Ansible).
• Experience with Credential Providers (AAM, CCP).
• PTA experience (nice to have).
• Physical server and OS platform expertise (nice to have).

We are an Equal Opportunity Employer committed to a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, age, gender identity, national origin, disability, or veteran status. We value diverse perspectives and actively seek to create an inclusive environment that celebrates the unique qualities of all employees.