The PIM/PAM Engineer is responsible for the architecture, design, implementation, and administration of enterprise-level Privileged Identity Management (PIM) and Privileged Access Management (PAM) solutions. This role ensures the secure management of privileged identities within the framework by maintaining a hardened appliance posture and enforcing the Principle of Least Privilege across the enterprise. The ideal candidate is a technical specialist who understands that identity is the new perimeter. You will act as the primary administrator for our PAM vaulting solutions, working closely with Infrastructure, DevOps, and Security Operations teams to integrate vaulting into every layer of our tech stack.
Key Responsibilities :- Design, deploy, configure, and maintain robust PIM/PAM solutions across enterprise, cloud, and hybrid environments.
- Manage the lifecycle of privileged accounts, including automated vaulting, password rotation, privileged session management, and just-in-time (JIT) access.
- Integrate PIM/PAM tools with broader identity ecosystems (IdPs, IGA, SIEM, and ticketing systems like ServiceNow) using APIs and custom scripting.
- Define, implement, and enforce least-privilege access policies, role-based access control (RBAC), and attribute-based access control (ABAC).
- Conduct regular discovery audits to identify unmanaged privileged accounts, service accounts, and secrets, bringing them under centralized management.
- Provide tier-3 technical support for complex identity infrastructure issues, system upgrades, patches, and disaster recovery drills.
- Support continuous monitoring and audit readiness by generating compliance reports and ensuring adherence to federal and DoD security frameworks.
- Deep understanding of session recording, credential vaulting, secrets management, and delegation of authority.
- Strong foundational knowledge of Windows Active Directory, Linux/Unix administration, Group Policy Objects (GPOs), and basic networking protocols.
- Proficiency in scripting languages (e.g., PowerShell, Python, Bash) for automation and API integrations.
Required Qualifications:- Ability to obtain and maintain a DoD Secret Clearance. U.S. Citizenship is required.
- Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related technical field is required.
- 6+ of progressive IT experience required with 2-3+ years of dedicated experience in Identity and Access Management (IAM), with a strong focus on PIM/PAM engineering highly-desired.
- CompTIA Security+ CE (Current) is highly desired.
Capgemini discloses salary range information in compliance with state and local pay transparency obligations. The disclosed range represents the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting, although we may ultimately pay more or less than the disclosed range, and the range may be modified in the future. The disclosed range takes into account the wide range of factors that are considered in making compensation decisions including, but not limited to, geographic location, relevant education, qualifications, certifications, experience, skills, seniority, performance, sales or revenue-based metrics, and business or organizational needs. At Capgemini, it is not typical for an individual to be hired at or near the top of the range for their role. The base salary range for the tagged location is $110k - $135k.
This role may be eligible for other compensation including variable compensation, bonus, or commission. Full time regular employees are eligible for paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.
