Lighthouse Technology Services is partnering with our client to fill their Privieleged Access Management (PAM) Engineer position! This is a 12+ month contract opportunity with a preference for hybrid on site in Buffalo, NY. This role will be a W2 employee of Lighthouse Technology Services. No C2C or subcontracting arrangements will be considered. 

What You'll Be Doing:

Design & Operate Enterprise PAM Solutions

• Build, implement, and maintain CyberArk-based Privileged Access Management solutions at enterprise scale within a highly regulated financial services environment
• Manage credential vaulting, privileged session management, access policy enforcement, and audit logging
• Implement and oversee credential lifecycle automation and rotation processes
• Leverage Azure Key Vault for secure storage and management of application secrets, keys, and certificates

Integrate Security into DevOps Pipelines

• Embed PAM and secrets management capabilities directly into DevOps and CI/CD workflows
• Build automation using PowerShell and REST APIs to enable scalable onboarding, credential rotation, and access workflows
• Partner with application, cloud, and platform teams to implement security controls in cloud-native architectures without impeding development velocity

Ensure Compliance & Security Standards

• Enforce least privilege principles and session monitoring across the enterprise
• Design resilient, highly available PAM integrations across hybrid on-premises and Azure cloud environments
• Maintain compliance with internal risk, audit, and regulatory requirements

What You'll Need:

• 5+ years of Expert-level, hands-on PAM engineering experience (not advisory/consulting only) in large, regulated enterprise environments
• Deep expertise with CyberArk platforms, including practical implementation and operational experience
• Proven track record in financial services or similarly regulated industries
• Strong background with hybrid infrastructure: Windows, Linux, Active Directory, Entra ID, and Azure services
• Automation proficiency with PowerShell and REST APIs
• Ability to operate independently and contribute immediately with minimal ramp-up time
• Strong understanding of authentication, authorization, enterprise security architecture, and cloud security
• Experience integrating security tools with CI/CD and DevOps platforms
• Financial Industry / Regulatory Environment Experience
• Excellent collaboration skills when working with cross-functional technical teams

Highly Preferred Qualifications:

• CyberArk CDE (Cloud DevOps Extensions) Certification
• If this person has the CDE Certification - they will consider remote candidates with this.

Pay Range: $90-100/hr 

Questions about any of our jobs? Email us at recruiting@lhtservices.com 

View all of our open jobs here: jobs.lhtservices.com