DTCC

Lead Privileged Access Management Engineer

DTCC$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 6+ years in security/platform engineering or IAM
  • Solid understanding of privileged account lifecycle and credential vaulting
  • Expertise in automation (Jenkins, Python, Groovy or equivalent)
  • Familiarity with Windows, Unix/Linux, Active Directory, and hybrid cloud environments
  • Understanding of regulatory compliance and audit processes in regulated industries

Responsibilities

  • Design and evolve PAM platform architecture focusing on scalability and security
  • Drive platform maturity by implementing sophisticated capabilities and standardizing onboarding
  • Implement end-to-end observability for PAM platforms using monitoring tools
  • Establish governance policies for privileged account lifecycle and compliance
  • Embed PAM into CI/CD pipelines and develop automated provisioning scripts
  • Monitor PAM performance and lead incident response for breaches
  • Communicate platform health and manage vendor relationships

Benefits

  • Mentoring opportunities for junior engineers
  • Engagement with senior leadership for platform communication
  • Participation in disaster recovery readiness exercises
  • Opportunity to work with advanced PAM capabilities and Zero Trust architectures
  • Contributing to the evolution of IT product management and engineering solutions
Full Job Description
Job Description

The Impact you will have in this role:

Being a Senior / Lead Engineer within the CISO organization, you will serve as a technical authority for DTCC's Privileged Access Management (PAM) platforms. You will design, build, and operate highly available, secure PAM services across hybrid environments, ensuring privileged access is controlled, observable, and resilient.

This role plays a critical part in advancing Zero Trust principles by embedding PAM into infrastructure, cloud, and application workflows. You will lead by example-owning production outcomes, driving automation, and ensuring the platform is observable, auditable, and operationally sound.

Your Primary Responsibilities:
  • Design and evolve PAM platform architecture with a focus on scalability, resilience (HA/DR), and security-by-design.
  • Drive platform maturity: Implement sophisticated capabilities (JIT access, session recording, credential vaulting, API integrations) and standardize onboarding of new systems.
  • Implement and maintain end-to-end observability for PAM platforms using monitoring, logging, and alerting tools (e.g., Splunk, Prometheus, Grafana, or equivalent).
  • Governance & compliance: Establish policies for privileged account lifecycle, enforce password complexity and rotation, and ensure audit readiness for SOX, PCI, and internal controls.
  • Automation & integration: Embed PAM into CI/CD pipelines and workflows; develop scripts and connectors for automated provisioning and session management.
  • Operational excellence: Monitor PAM performance, lead incident response for privileged access breaches, and conduct root-cause analysis and remediation.
  • Stakeholder engagement: Communicate platform health, roadmap, and risk posture to senior leadership; manage vendor relationships and licensing.
  • Act as a mentor for other engineers-reviewing designs, code, and operational practices.
  • Disaster recovery readiness: Participate in DR exercises and ensure PAM resilience in loss-of-region scenarios.

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **

Qualifications:
  • Minimum of 6 years of related experience
  • Bachelor's degree preferred and/or equivalent experience

Talents Needed for Success:
  • 6+ years in security/platform engineering or IAM
  • Solid understanding of privileged account lifecycle, credential vaulting, and session management.
  • Expertise in automation (Jenkins, Python, Groovy or equivalent) and integration with CI/CD a.
  • Familiarity with Windows, Unix/Linux, Active Directory, and hybrid cloud environments.
  • Understanding of regulatory compliance and audit processes in financial or highly regulated industries.

Preferred Qualifications
  • Experience implementing and managing Bravura PAM or similar enterprise PAM solutions (e.g. CyberArk).
  • Experience with Zero Trust architectures, API-based integrations, and sophisticated PAM features (JIT, ephemeral credentials).
  • Familiarity with cloud, Kubernetes, OpenShift platform and PAM integration patterns.
  • Knowledge of risk frameworks and evidence automation for audits.

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.

About the Team

Enterprise Product & Platform Engineering transforms the way we deliver infrastructure to our business clients. A key construct of EP&PE will be the evolution of the IT Product Manager, who will partner with the Engineering organization, the Business Aligned Service Delivery organization, the DevSecOps organization as well as our operational support teams to ensure that this organization provides high quality, commercially attractive and timely solutions to support our business strategy.

About DTCC

The Depository Trust & Clearing Corporation (DTCC) is a financial services company that provides clearing, settlement, and information services for the global financial industry. DTCC was founded in 1999 and is headquartered in New York City. The company operates through subsidiaries that provide services such as trade matching, risk management, and asset servicing. DTCC is owned by its users, which include broker-dealers, banks, and other financial institutions. The company is committed to reducing risk and increasing efficiency in the financial markets.
Learn more about DTCC
Size
4,000 employees
Industry
Founded
1973

Similar Jobs

More Jobs at DTCC

More Information Technology Jobs

Find similar Lead Privileged Access Management Engineer jobs: