Lead Security Engineer - Privilege Access Management

(Privileged Access Management) will be responsible in engineering, evolution and operations of our Privileged Access Management ecosystem, specifically leveraging BeyondTrust Password Safe. The engineer will also provide escalation support and resolution for complex incidents that cannot be resolved at the L2 level to ensure reliable and compliant service delivery in collaboration with internal stakeholders and external providers.

Primary duties and responsibilities :-

Implementation & Configuration: Deploy, configure and support PAM solution using BeyondTrust Password Safe

Migration & Optimization: Support ongoing efforts to migrate legacy privileged accounts into the BeyondTrust vault and optimize existing workflow

Identity Infrastructure (AD & Entra ID): Manage the integration of BeyondTrust with Active Directory (OU structures, GPOs, and Kerberos) and Microsoft Entra ID

API & Scripting: Design and deploy PowerShell or Python scripts using BeyondTrust REST APIs to automate bulk onboarding, secret rotation, and session monitoring alerts.

Incident Response Support: Investigate, troubleshoot and resolve security incidents involving endpoint compromise or privilege escalation.

Operational Excellence: Perform regular platform upgrades, patching, and health checks.

Technical Mentorship: Provide guidance and training to junior security analysts on Privileged Access Management best practices and incident handling.