Privileged Access Management Engineer

Provides advanced analysis, recommendations, and implementation of privileged access management solutions to ensure best practice security across the enterprise. Coordinates with other teams and departments to review access rights and potential risks.

Core Responsibilities

• Implement and manage the privileged access lifecycle for Windows and Linux servers.

• Onboard, classify, and manage privileged accounts, including local admin, service accounts, and break-glass identities.

• Configure credential rotation policies and enforce strong authentication standards.

• Deploy and maintain Just-in-Time (JIT) and Just-Enough Access (JEA) models.

• Integrate PAM with cloud-native identity frameworks such as AWS IAM Roles, Azure Managed Identities, and GCP Service Accounts.

• Operate and administer CyberArk components (Safes, CPM, PSM/PSMP) and cloud-native secret stores.

• Automate PAM tasks using PowerShell, Python, or Bash.

• Use Infrastructure-as-Code (Terraform preferred) to define and deploy PAM integrations and policies.

• Work with the business to be able to accomplish Privilege Access Operations standard workflows as well as efficiently resolve complex incidents through creative problem solving.

• Work with enterprise stakeholders to understand business requirements and IT standards that influence how PAM solutions/services should operate.

• Be action oriented; taking on new opportunities and tough challenges with a sense of urgency, high-energy and enthusiasm.

• Identifies and recommends opportunities for continuous improvement. Supports the implementation of changes to department policies and procedures to meet changing business needs and to achieve department objectives.

• Ability to mentor and provide oversight to analysts on the Privileged Access Management Team.

• Basic administration skills for Windows Server and Linux systems. (Required)

• Foundational understanding of IAM concepts and privileged access principles. (Preferred)

• Exposure to AWS, Azure, or GCP services related to compute, identity, and access management. (Required)

• Scripting experience using PowerShell, Python, or Bash. (Required)

• Familiarity with vaulting/secrets management solutions (CyberArk, AWS Secrets Manager, Azure Key Vault).

• Experience with Terraform or other Infrastructure-as-Code tools. (Preferred)

• Familiarity with CyberArk Enterprise Password Vault (EPV), EPM, PSM and WPM.

• Hands-on experience with log analysis, security monitoring, or SIEM tools. (Preferred)

• Experience in Change/Incident Management Tools such as Service Now

• A team player and quick learner with a heavy emphasis on communication skills.

• Understanding of the Follow the Sun Model and how companies operate on the global scale.

• Minimum 5-7 years related work experience. Experience with information security, system administration, cloud engineering, network administration or IT preferred.

About Vanguard At Vanguard, we don't just have a mission-we're on a mission. To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best. How We Work Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.