Lead Privileged Access Management (PAM) Engineer

ole:Being a Senior / Lead Engineer within the CISO organization, you will serve as a technical authority for DTCC's Privileged Access Management (PAM) platforms. You will design, build, and operate highly available, secure PAM services across hybrid environments, ensuring privileged access is controlled, observable, and resili

ent.This role plays a critical part in advancing Zero Trust principles by embedding PAM into infrastructure, cloud, and application workflows. You will lead by example-owning production outcomes, driving automation, and ensuring the platform is observable, auditable, and operationally so

und. Your Primary Responsibili

• ties:Design and evolve PAM platform architecture with a focus on scalability, resilience (HA/DR), and security-by-de
• sign.Drive platform maturity: Implement sophisticated capabilities (JIT access, session recording, credential vaulting, API integrations) and standardize onboarding of new sys
• tems.Implement and maintain end-to-end observability for PAM platforms using monitoring, logging, and alerting tools (e.g., Splunk, Prometheus, Grafana, or equival
• ent).Governance & compliance: Establish policies for privileged account lifecycle, enforce password complexity and rotation, and ensure audit readiness for SOX, PCI, and internal cont
• rols.Automation & integration: Embed PAM into CI/CD pipelines and workflows; develop scripts and connectors for automated provisioning and session manage
• ment.Operational excellence: Monitor PAM performance, lead incident response for privileged access breaches, and conduct root-cause analysis and remedia
• tion.Stakeholder engagement: Communicate platform health, roadmap, and risk posture to senior leadership; manage vendor relationships and licen
• sing.Act as a mentor for other engineers-reviewing designs, code, and operational pract
• ices.Disaster recovery readiness: Participate in DR exercises and ensure PAM resilience in loss-of-region scena

• tions:Minimum of 6 years of related expe
• rienceBachelor's degree preferred and/or equivalent expe

rienceTalents Needed for Su

• ccess:6+ years in security/platform engineering
• or IAMSolid understanding of privileged account lifecycle, credential vaulting, and session manag
• ement.Expertise in automation (Jenkins, Python, Groovy or equivalent) and integration with CI
• /CD a.Familiarity with Windows, Unix/Linux, Active Directory, and hybrid cloud environ
• ments.Understanding of regulatory compliance and audit processes in financial or highly regulated indus

tries.Preferred Qualific

• ationsExperience implementing and managing Bravura PAM or similar enterprise PAM solutions (e.g. Cybe
• rArk).Experience with Zero Trust architectures, API-based integrations, and sophisticated PAM features (JIT, ephemeral credent
• ials).Familiarity with cloud, Kubernetes, OpenShift platform and PAM integration pat
• terns.Knowledge of risk frameworks and evidence automation for a

• ts:Competitive compensation, including base pay and annual incent
• iveComprehensive health and life insurance and well-being benefits, based on locat
• ionPension / Retirement benef
• itsPaid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-bei
• ng.DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employe, udits.The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommod ation.

Are you ready to make an impact at DTCC? Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governanc