IT Engineer, Privileged Access Management (PAM)Job DescriptionPosted Monday, June 1, 2026 at 6:00 AMIT Engineer, Privileged Access Management (PAM)Job SummaryThe Privileged Access Management (PAM) Engineer reports to the Information Security Manager and is responsible for designing, implementing, and operating enterprise PAM capabilities using Microsoft Security technologies and related platforms. This role secures privileged identities and access to critical systems, enforces least‑privilege and Zero Trust principles, and supports regulatory and audit requirements.The PAM Engineer collaborates closely with IAM, Security Operations, Infrastructure, and Application teams to reduce organizational risk while maintaining a secure and user‑friendly access model. The role may support security operations and incident response activities when privileged access is involved.Duties/ResponsibilitiesCore PAM EngineeringDesign, implement, and maintain PAM solutions across cloud and hybrid environments using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access, and related Microsoft security toolingOnboard and manage privileged user, service, and application accounts, including credential vaulting, rotation, and lifecycle managementConfigure and maintain Just‑In‑Time (JIT) access and privileged role workflowsEnsure all in‑scope systems, applications, vendors, and integrations are protected by PAM controlsEnsure availability, reliability, and security of PAM platforms and servicesMonitor PAM‑related alerts and logs using Microsoft Sentinel and Defender XDRSupport investigation and response to incidents involving privileged account misuse or compromiseCollaborate with Security Operations and MSSPs to enhance PAM monitoring and detection use casesGovernance, Risk & Compliance SupportSupport periodic access reviews and privileged role attestationsMaintain PAM documentation, standards, runbooks, and operational proceduresProvide input to security policies, standards, and annual review processes under the guidance of IT and Security leadershipSupport audits and compliance reporting related to privileged accessIntegration & EnablementIntegrate PAM controls with IAM, endpoint, cloud, SIEM, and application platformsPartner with application owners and business stakeholders to define privileged access roles and requirementsProvide technical guidance and training to stakeholders on PAM processes and best practicesDevelop automation and scripting for PAM account management, reporting, and operational efficiencyTrack PAM KPIs and apply metric driven improvements to reduce risk and operational frictionEvaluate emerging Microsoft security features and recommend roadmap enhancementsRequired Technical SkillsHands‑on experience with Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access, and Microsoft Defender productsStrong understanding of privileged access models, least‑privilege principles, and Zero Trust security architectureExperience managing identities and access within Microsoft 365 and Azure environmentsExperience with Windows platforms, Active Directory, and authentication/authorization conceptsScripting or automation experience (PowerShell preferred)Familiarity with SIEM/XDR platforms (Microsoft Sentinel and Defender XDR preferred)Technical documentation and runbook development skillsProfessional & Behavioral SkillsStrong communication skills with the ability to explain technical concepts to non‑technical audiencesProven ability to collaborate across security, IT, and business teamsStrong analytical, troubleshooting, and problem‑solving skillsAbility to operate effectively in fast‑paced and regulated environmentsContinuous‑learning mindset with adaptability to evolving security technologiesKPIDescriptionPolicy ImplementationTimely implementation and maintenance of PAM policies and controlsReduction in privileged account-related security incidentsAudit ComplianceCompliance with internal and external audit requirementsIntegration SuccessSuccessful integration of Microsoft Security Suite componentsStakeholder FeedbackPositive feedback from stakeholders on PAM processes and supportEducation & ExperienceBachelor's degree in computer science, Information Technology, or a related field preferred3+ years of experience in Microsoft Windows and Microsoft 365 environments with direct responsibility for identity or security controls2+ years of hands‑on experience with Microsoft Azure, Entra ID, Defender, and Purview portalsExperience supporting hybrid (cloud and on‑premises) environmentsExperience with application authentication (IdP) and authorization (IdM) conceptsExperience working across multiple concurrent projects in a dynamic environmentPreferred Experience & CertificationsMicrosoft Certified: Identity and Access Administrator AssociateMicrosoft Certified: Security Operations Analyst AssociateCISSP or equivalent security certificationAdditional Microsoft Security certificationsExperience with IAM, Active Directory, Windows Server, SQL Server, or networking fundamentals (DNS, DHCP, LAN/WAN)About ArchWell Health:At ArchWell Health, we're creating a community of caring designed to help our members stay healthy and engaged. By focusing on a strong provider‑patient relationship, routine wellness, and staying active, our members enjoy a higher level of care and better quality of life after the age of 60. Everything we do is for seniors. We believe seniors should be heard, listened to, and given ample time by their physicians to live well later in life.Our value‑based care model is designed to prevent illnesses while keeping members healthy and happy in every aspect of their life. We deliver best‑in‑class primary care at comfortable, accessible neighborhood centers where older adults can feel at home and become part of a vibrant, wellness‑focused community. We're passionate about caring for older adults and united by the belief that caring has the power to change everything for our members.ArchWell Health is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to their race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected classification.#J-18808-Ljbffr