Privilege Access Management Engineer II

Information Technology (IT) is the unified IT organization that supports the vision values mission and goals of the University by providing IT infrastructure systems administrative applications academic resources and related services to faculty students and staff. Embracing DUs Impact 2025 the division aligns IT resources with the Universitys strategic goals and operational plans providing service in the spirit of One DU.

Position Summary

The Privilege Access Management (PAM) Engineer II is responsible for the administration configuration and operational support of the universitys PAM solutions. This role is a key member of the security team managing and securing privileged accounts credentials and access across university systems using platforms such as CyberArk BeyondTrust or Delinea. The engineer will actively enforce the principle of least privilege ensuring all privileged access is effectively monitored audited and controlled. This position also provides direct support for related endpoint security platforms including Microsoft Intune and Apple JAMF ensuring a cohesive approach to access control across all endpoints. The position will also collaborate with the IAM team to manage user identities provisioning deprovisioning and access control policies ensuring compliance with university standards and regulatory frameworks.

The Privilege Access Management (PAM) Engineer II serves within the University of Denvers Information Security team and reports to the Director of Cyber Operations.

Essential Functions

• Administer configure and maintain PAM platforms (e.g. CyberArk BeyondTrust Delinea) to secure monitor and manage privileged accounts credentials and access across university systems.
• Design and enforce PAM policies including credential rotation session monitoring and least privilege principles.
• Implement and manage just-in-time access and privileged session recording to enhance security for critical systems.
• Monitor triage and investigate security events and alerts specifically related to privileged access with a focus on detecting unauthorized access or privilege escalation.
• Conduct analysis and optimization of PAM tools to enhance detection and prevention capabilities.
• Collaborate with IT and business units to integrate PAM solutions ensuring minimal disruption while enforcing strong controls.
• Assist with incident response activities related to privileged access security incidents including containment remediation and post-incident analysis.
• Maintain and update documentation for PAM processes configurations and workflows.
• Provide direct administration and support for Endpoint Privilege Management (EPM) and Mobile Device Management (MDM) policies within platforms like Microsoft Intune and Apple JAMF as they relate to privileged access control and security.
• Support incident detection and response efforts by analyzing security logs correlating privileged access events with potential incidents and coordinating with the incident response team to mitigate threats.
• Contribute to email security initiatives by integrating PAM controls with email platforms to prevent unauthorized access to sensitive email accounts and detect phishing or credential theft attempts.
• Assist in vulnerability management by identifying and prioritizing vulnerabilities in privileged accounts and systems collaborating with the team to remediate risks through PAM configurations.
• Work with the network architecture team to ensure PAM solutions align with network security policies including firewall rules network segmentation and secure remote access protocols.
• Collaborate with the IAM team to manage user identities provisioning deprovisioning and access control policies ensuring compliance with university standards and regulatory frameworks.
• Collaborate with the information security team to enhance the universitys overall security posture.

Knowledge Skills and Abilities

• Strong understanding of Privileged Access Management (PAM) concepts including least privilege credential vaulting and privileged account auditing.
• Experience administering and supporting PAM platforms such as CyberArk BeyondTrust or Delinea or willing to learn the platform in a short time.
• Solid knowledge of operating systems (Windows macOS Linux) and their integration with PAM solutions.
• Strong analytical and problem-solving skills to investigate security events and assess the impact of incidents.
• Experience with scripting languages (e.g. PowerShell Python) and automation tools to streamline security tasks.
• Familiarity with compliance frameworks (e.g. NIST CIS GDPR) and their application to privileged access security.
• Hands-on experience with endpoint security tools specifically Endpoint Privilege Management (EPM) and Mobile Device Management (MDM) within platforms like Microsoft Intune and Apple JAMF.
• Excellent communication skills to collaborate with cross-functional teams and explain complex security findings.

Required Qualifications

• Bachelors degree in Cybersecurity Information Systems Computer Science or a related field or equivalent professional experience.
• Minimum of three (3) years of experience in an IT role.
• At least two (1) year of direct experience with Privileged Access Management (PAM) concepts and tools with some hands-on administration in IAM tools.
• One (1) year of experience with endpoint security EPM or MDM solutions like Microsoft Intune or Apple JAMF.

Preferred Qualifications

• An Information Security Certification such as Security SSCP CAMS vendor-specific certifications or willing to obtain the ISC2 SSCP within one year of employment.
• Experience managing PAM solutions in an enterprise-level information security environment.
• Experience with PAM integrations (e.g. AWS Azure AD Intune etc.)

Working Environment

• Unexpected interruptions occur often and stress levels are moderate to high.
• The noise level is quiet to moderate.

Physical Activities

• Ability to sit in front of a computer for an extended period of time.
• Occasionally required to move about the office/campus with the capability of transporting objects up to 20 lbs.
• Ability to manage frequent interruptions and perform effectively in a dynamic occasionally high-pressure environment.

Work Schedule
Monday - Friday 8:00 a.m. - 4:30 p.m. In accordance with the Universitys flexible work policy this position is eligible to be considered for partial remote work. Further details regarding this plan will be determined with the hiring manager and are dependent on the division and team specific needs.

Application Deadline
For consideration please submit your application materials by 4:00 p.m. (MST) January 28 2026.

Special Instructions
Candidates must apply online through to be considered. Only applications submitted online will be accepted.

Salary Grade Number:
The salary grade for the position is 12.

Salary Range:
The salary range for this position is $75000 - $85000.

The University of Denver has provided a compensation range that represents its good faith estimate of what the University may pay for the position at the time of posting. The University may ultimately pay more or less than the posted compensation range. The salary offered to the selected candidate will be determined based on factors such as the qualifications of the selected candidate departmental budget availability internal salary equity considerations and available market information but not based on a candidates sex or any other protected status.

Benefits:
The University of Denver offers excellent benefits including medical dental retirement paid time off tuition benefit and ECO pass. The University of Denver is a private institution that empowers students who want to make a difference. Learn more about the University of Denver.

Please include the following documents with your application:
1. Resume
2. Cover Letter

The University of Denver is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion sex (including sex stereotypes sex characteristics sexual orientation gender identity and gender expression) marital family or parental status pregnancy or related conditions national origin disability or status as a protected veteran. The University of Denver does not discriminate and prohibits discrimination on the basis of race color national origin ancestry age religion creed disability sex (including sex stereotypes sex characteristics sexual orientation gender identity and gender expression) marital family and parental status pregnancy genetic information military enlistment or veteran status and any other class of individuals protected from discrimination under federal state or local law regulation or ordinance in any of the Universitys educational programs and activities and in the employment (including application for employment) and admissions (including application for admission) context as required by Title IX of the Education Amendments of 1972; the Americans with Disabilities Act; Section 504 of the Rehabilitation Act of 1973; Title VI and VII of the Civil Rights Act of 1964; the Age Discrimination Act of 1975; the Age Discrimination in Employment Act of 1967; the Equal Pay Act; the Colorado Equal Pay for Equal Work Act; the Colorado Protecting Opportunities and Workers Rights (POWR) Act; and any other federal state and local laws regulations or ordinances that prohibit discrimination harassment and/or retaliation. For more information please see the University of Denvers NonDiscriminationStatement.

All offers of employment are contingent upon satisfactory completion of a criminal history background check.