IT Engineer, Privileged Access Management (PAM)

IT Engineer, Privileged Access Management (PAM)   Job Summary The Privileged Access Management (PAM) Engineer reports to the Information Security Manager and is responsible for designing, implementing, and operating enterprise PAM capabilities using Microsoft Security technologies and related platforms. This role secures privileged identities and access to critical systems, enforces least‑privilege and Zero Trust principles, and supports regulatory and audit requirements. The PAM Engineer collaborates closely with IAM, Security Operations, Infrastructure, and Application teams to reduce organizational risk while maintaining a secure and user‑friendly access model. The role may support security operations and incident response activities when privileged access is involved.   Duties/Responsibilities Core PAM Engineering Design, implement, and maintain PAM solutions across cloud and hybrid environments using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access, and related Microsoft security tooling Onboard and manage privileged user, service, and application accounts, including credential vaulting, rotation, and lifecycle management Configure and maintain Just‑In‑Time (JIT) access and privileged role workflows Ensure all in‑scope systems, applications, vendors, and integrations are protected by PAM controls Ensure availability, reliability, and security of PAM platforms and services Monitoring, Detection & Incident Support Monitor PAM‑related alerts and logs using Microsoft Sentinel and Defender XDR Support investigation and response to incidents involving privileged account misuse or compromise Collaborate with Security Operations and MSSPs to enhance PAM monitoring and detection use cases Governance, Risk & Compliance Support Support periodic access reviews and privileged role attestations Maintain PAM documentation, standards, runbooks, and operational procedures Provide input to security policies, standards, and annual review processes under the guidance of IT and Security leadership Support audits and compliance reporting related to privileged access       Integration & Enablement Integrate PAM controls with IAM, endpoint, cloud, SIEM, and application platforms Partner with application owners and business stakeholders to define privileged access roles and requirements Provide technical guidance and training to stakeholders on PAM processes and best practices Automation & Continuous Improvement Develop automation and scripting for PAM account management, reporting, and operational efficiency Track PAM KPIs and apply metric driven improvements to reduce risk and operational friction Evaluate emerging Microsoft security features and recommend roadmap enhancements Required Technical Skills Hands‑on experience with Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access, and Microsoft Defender products Strong understanding of privileged access models, least‑privilege principles, and Zero Trust security architecture Experience managing identities and access within Microsoft 365 and Azure environments Experience with Windows platforms, Active Directory, and authentication/authorization concepts Scripting or automation experience (PowerShell preferred) Familiarity with SIEM/XDR platforms (Microsoft Sentinel and Defender XDR preferred) Technical documentation and runbook development skills Professional & Behavioral Skills Strong communication skills with the ability to explain technical concepts to non‑technical audiences Proven ability to collaborate across security, IT, and business teams Strong analytical, troubleshooting, and problem‑solving skills Ability to operate effectively in fast‑paced and regulated environments Continuous‑learning mindset with adaptability to evolving security technologies                   KPI  Description  Policy Implementation Timely implementation and maintenance of PAM policies and controls Incident Reduction Reduction in privileged account-related security incidents Audit Compliance Compliance with internal and external audit requirements Integration Success Successful integration of Microsoft Security Suite components Stakeholder Feedback Positive feedback from stakeholders on PAM processes and support   Education & Experience Bachelor’s degree in computer science, Information Technology, or a related field preferred 3+ years of experience in Microsoft Windows and Microsoft 365 environments with direct responsibility for identity or security controls 2+ years of hands‑on experience with Microsoft Azure, Entra ID, Defender, and Purview portals Experience supporting hybrid (cloud and on‑premises) environments Experience with application authentication (IdP) and authorization (IdM) concepts Experience working across multiple concurrent projects in a dynamic environment Preferred Experience & Certifications Microsoft Certified: Identity and Access Administrator Associate Microsoft Certified: Security Operations Analyst Associate CISSP or equivalent security certification Additional Microsoft Security certifications Experience with IAM, Active Directory, Windows Server, SQL Server, or networking fundamentals (DNS, DHCP, LAN/WAN)             About ArchWell Health:     At ArchWell Health, we’re creating a community of caring designed to help our members stay healthy and engaged. By focusing on a strong provider-patient relationship, routine wellness, and staying active, our members enjoy a higher level of care and better quality of life after the age of 60. Everything we do is for seniors. We believe seniors should be heard, listened to, and given ample time by their physicians to live well later in life.    Our value-based care model is designed to prevent illnesses while keeping members healthy and happy in every aspect of their life. We deliver best-in-class primary care at comfortable, accessible neighborhood centers where older adults can feel at home and become part of a vibrant, wellness-focused community. We’re passionate about caring for older adults and united by the belief that caring has the power to change everything for our members.    ArchWell Health is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to their race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected classification.