Capgemini Government Solutions (CGS) LLC is seeking a PIM/PAM Engineer to support mission-critical government clients. The ideal candidate will collaborate with a high-performing team, engage with a broad range of stakeholders, and play a key role in expanding CGS capabilities while continuing to grow their technical and consulting expertise.
The PIM/PAM Engineer is responsible for the design, implementation, and long-term sustainment of the BeyondTrust ecosystem, including Privileged Remote Access (PRA), Endpoint Privilege Management (EPM), and Password Safe. This role ensures the secure management of privileged identities within the DHA ICAM framework by maintaining a hardened appliance posture and enforcing the Principle of Least Privilege across the enterprise. The ideal candidate is a technical specialist who understands that identity is the new perimeter. You will act as the primary administrator for our PAM vaulting solutions, working closely with Infrastructure, DevOps, and Security Operations teams to integrate vaulting into every layer of our tech stack.
Key Responsibilities - Lead the deployment of B Series and U-Series virtual appliances (OVA/OVF) and manage the configuration of Jumpoints for secure, segmented network access.
- Assume full responsibility for the continuous health of the platform, including performing software upgrades, security patching, and SSL certificate renewals for all BeyondTrust appliances.
- Periodically review and tune EPM Workstyles (Windows/Linux/macOS) to ensure least-privilege policies remain effective without impacting user productivity.
- Perform routine maintenance of Password Safe, including account discovery jobs, troubleshooting credential rotation failures, and managing functional accounts for automated injections.
- Execute and verify regular backups of appliance configurations and the BeyondInsight database to ensure rapid recovery in accordance with Disaster Recovery (DR) protocols.
- Monitor syslog/HEC data streams to Splunk for continuous security auditing and troubleshoot integration gaps between PAM and identity providers (SAML/AD).
Desired Education & Experience - Bachelor's degree in Cybersecurity, Computer Science, or a related technical field.
- Security+ CE or CASP+ desired.
- BeyondTrust Certified Professional (BTCP) in PRA, EPM, or Password Safe is highly preferred.
- 4+ years of IAM experience, with at least 2 years focused on BeyondTrust product administration and sustainment.
- Ability to obtain and maintain a DoD Secret Clearance. U.S. Citizenship is required.
The base salary range for the tagged location is $110k - $135k.
This role may be eligible for other compensation including variable compensation, bonus, or commission. Full time regular employees are eligible for paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.
