About this PAM Engineer / CyberArk Specialist role at Makpar
This role requires hands-on privileged access experience, preferably with CyberArk and federal enterprise environments.
Key Responsibilities
• Support Just-in-Time provisioning for privileged access.
• Support privileged session management, privilege elevation, delegation management, and lifecycle management.
• Support enterprise secrets management use cases and integration with back-end vault platforms.
• Discover, classify, manage, and govern privileged accounts across systems and applications.
• Identify owners and usage patterns for privileged human and non-human accounts.
• Implement RBAC and ABAC for privileged accounts.
• Support PIV-based SSO for privileged access to prevent credential exposure.
• Register applications for PAM across multiple environments.
• Randomize, manage, and vault passwords, keys, and other credentials for administrative, service, and application accounts.
• Broker credentials to applications, databases, services, network devices, operating systems, and other systems.
• Coordinate vulnerability remediation with security teams.
• Support STIG configurations and hardened container images.
• Monitor, record, audit, and analyze privileged sessions and actions.
• Develop security audit dashboards and support FISMA/compliance data pulls.
• Support Active Directory tiering and permission improvements.
Required Qualifications
• Experience with privileged accounts, privileged session management, secrets management, and credential vaulting.
• Experience with CyberArk or comparable PAM platform.
• Experience with least privilege, privileged account discovery, account ownership, and lifecycle governance.
• Ability to support cloud, hybrid, and on-prem privileged access use cases.
• Ability to obtain favorable EOD / suitability and maintain required USCIS access.
• U.S. citizenship likely required for DHS IT access unless waiver is granted — confirm before final posting.
Preferred Qualifications
• Experience supporting PAM adoption across many application teams.
• Experience with PIV SSO for privileged access.
• Experience with AD tiering, LDAP, CDM, STIGs, hardened containers, and FISMA dashboards.
• Experience supporting DevOps secrets management and container platform integrations.
• Prior DHS, USCIS, or federal Zero Trust/PAM experience.