Web Access Management Engineer
Role details
Job location
Tech stack
Job description
AspenView is seeking an experienced Privileged Access Management (PAM) Specialist to design and build a privileged access management capability from the ground up for a strategic enterprise client. With the client's current PAM maturity effectively at zero, this is a greenfield engagement: you will own PAM discovery, vaulting design, just-in-time (JIT) access workflows, session recording, and the integration of privileged access controls into the broader Identity Governance and Administration (IGA) model. Working across a complex hybrid estate, you will establish foundational privileged access controls and scale them to protect up to 500 privileged users. The shift hours for this role are allocated in European timezone. What You Will Do: Privileged Account Discovery
-
Perform privileged account discovery across a hybrid estate, including Active Directory, Windows and Linux servers, and databases.
-
Catalog and classify privileged, shared, and external privileged accounts to establish a complete access baseline. Credential Vaulting & Rotation
-
Design and implement secure credential vaulting with automated password rotation.
-
Define policies and controls for the full lifecycle management of privileged credentials. Just-in-Time Access
-
Design and implement just-in-time (JIT) privilege elevation workflows to eliminate standing privileged access. Session Management
-
Deploy privileged session proxy and session recording capabilities to support monitoring, audit, and forensic review. Governance Integration
-
Integrate PAM controls with IGA certification and access-review workflows so that privileged access remains governed and compliant.
-
Partner with identity governance stakeholders to align PAM with the wider IGA operating model. Scale & Scope
-
Build initially for up to 250 privileged users, scaling to 500, spanning AD and Entra ID administrators, Windows/Linux servers, databases, network and security devices, SAP administrators, ServiceNow administrators, shared privileged accounts, and external privileged users. What You Bring
Requirements
-
Bachelor's degree in Computer Science, Information Security, Information Technology, or a related field, or equivalent practical experience., + Demonstrated experience performing privileged account discovery across hybrid environments (Active Directory, Windows/Linux servers, and databases).
-
Hands-on experience implementing credential vaulting and automated credential rotation.
-
Experience designing and implementing JIT privilege elevation.
-
Experience deploying session proxy and session recording solutions.
-
Experience integrating PAM controls with IGA certification workflows. Technical Expertise
-
Deep expertise in a leading PAM platform - CyberArk or BeyondTrust. Experience with the PAM module within Saviynt is valuable where an integrated IGA/PAM model is adopted.
-
Strong understanding of privileged access across hybrid estates spanning identity, servers, databases, and network/security devices. Preferred (Good to Have)
-
SAP privileged access (Basis / admin accounts).
-
Break-glass / firefighter workflow design.
-
Non-human identity (NHI) credential governance.
-
Microsoft Entra ID Privileged Identity Management (PIM) integration. Certifications
-
Current CyberArk Defender / Sentry OR BeyondTrust certified professional certification is required.
-
Saviynt PAM experience is relevant where an integrated IGA/PAM model is selected. Visa Sponsorship AspenView does not provide visa sponsorship for this role. Candidates must already be legally authorized to work in their country of residence.