IT accelerates the success of IDEXX employees and customers by providing scalable, secure, and innovative technology solutions. As a global organization supporting critical systems across cloud and on-prem environments, we are committed to maturing our identity and security posture, particularly in the area of Privileged Access Management (PAM).
The PAM Engineer plays a pivotal role in ensuring secure, compliant, and tightly governed privileged access across the enterprise. This role is responsible for planning, implementing, and operating our PAM platform (e.g., CyberArk Privilege Cloud), supporting our strategy to reduce risk, strengthen identity governance, and meet audit and regulatory requirements.
This position partners closely with Security, Infrastructure, Cloud Engineering, Application teams, and IAM functions to enforce best practices, monitor privileged activity, and support the operational lifecycle of privileged accounts across servers, endpoints, cloud platforms, network devices, and SaaS environments.
If you are passionate about reducing privileged-access risk and enabling secure operations through automation, governance, and modern PAM tooling, we encourage you to apply.
In this role, you will be responsible for:
Privileged Access Platform Administration
- Deploy, configure, and maintain the enterprise PAM platform (e.g., CyberArk), including credential vaulting, session management, password rotation, and just-in-time (JIT) access.
- Manage platform components such as vault servers, connectors, session recording infrastructure, credential providers, and privileged session gateways.
- Ensure high availability, performance optimization, and adherence to operational SLAs.
Privileged Account & Credential Lifecycle Management
- Onboard and maintain privileged accounts across Windows, Linux, network devices, databases, cloud platforms (Azure, AWS, GCP), and SaaS admin consoles.
- Implement automated password rotation, check-in/checkout workflows, and lifecycle governance for service accounts, application credentials, and secrets.
- Maintain least-privilege standards, including enforcement of cloud-only admin accounts and removal of unnecessary or stale privileged principals.
JIT Access, PIM/PAM Integration & Access Elevation
- Administer just-in-time elevation policies for cloud roles (e.g., Entra PIM) and integrate them with the enterprise PAM strategy.
- Configure approval workflows, MFA enforcement, activation duration settings, and monitoring for high-risk role activation.
- Ensure alignment between PIM (role elevation) and PAM (credential vaulting/session control) platforms.
Security, Compliance & Audit Support
- Maintain controls required for SOX, SOC2, ISO, and internal/external audit reviews of privileged access activity.
- Support regular access reviews for privileged accounts and roles, collaborating with managers and system owners.
- Provide evidence for audits related to privileged access, session logs, credential governance, and administrative workflows.
Automation, Scripting & Operational Efficiency
- Develop and maintain automation (e.g., PowerShell, Python, APIs) for onboarding, credential rotation, vault management, and reporting.
- Build integrations between PAM and enterprise systems such as ServiceNow, SIEM, CMDB, IGA platforms, and cloud identity services.
- Streamline manual processes and reduce ticket volume through automation and mature workflow design.
Monitoring & Incident Response
- Monitor for suspicious privileged behavior, anomalous sign-ins, risky activations, or vault activity using SIEM and platform analytics.
- Maintain and periodically validate break-glass/emergency access controls across critical systems.
- Serve as an escalation point for privileged access issues or failures impacting operations.
Cross-Functional Collaboration & Governance
- Partner with infrastructure, application, cloud, and security teams to enforce standards for privileged access governance.
- Assist system owners in identifying what constitutes privileged access and mapping roles, entitlements, and required controls.
- Contribute to PAM roadmap planning, tool evaluations, and ongoing PAM maturity initiatives.
Location: Driving distance to our Westbrook, Maine HQ. Flexible hybrid on-site of 8 days per month/2 days per week on average is required.
What You Will Need to Succeed:
- 2 to 5 years of hands-on experience administering enterprise PAM solutions such as CyberArk.
- Strong understanding of privileged access concepts including:
  - Credential vaulting
  - Session monitoring and recording
  - JIT elevation & PIM
  - Password rotation
  - Tiering/Zero Trust/least privilege
- Expertise with Windows/macOS/Linux administration, Active Directory/Entra ID, cloud IAM roles (Azure, AWS, GCP), and integration of privileged accounts across these systems.
- Scripting & Automation: Proficiency in PowerShell, APIs, JSON, and automation, including automating password rotation, onboarding workflows, and data collection.
- Soft Skills: Strong analytical abilities and troubleshooting skills for complex privileged access scenarios. Excellent communication skills and ability to translate technical concepts to non-technical partners. Demonstrated cross-functional collaboration with security, engineering, and operations teams.
- Compliance & Security Knowledge: Familiarity with audits, risk controls, and compliance frameworks (SOX, SOC2, ISO 27001). Experience supporting audit evidence gathering and implementing controls to reduce privileged access risk.
Why IDEXX
We're proud of the work we do because our work matters. An innovation leader in every industry we serve, we follow our Purpose and Guiding Principles to help pet owners worldwide keep their companion animals healthy and happy, to ensure safe drinking water for billions, and to help farmers protect livestock and poultry from diseases. We have customers in over 175 countries and a global workforce of over 10,000 talented people.
So, what does that mean for you? We enrich the livelihoods of our employees with a positive and respectful work culture that embraces challenges and encourages learning and discovery. At IDEXX, you will be supported by competitive compensation, incentives, and benefits while enjoying purposeful work that drives improvement.
Let's pursue what matters together.
IDEXX values a diverse workforce and workplace and strongly encourages women, people of color, LGBTQ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.
IDEXX is an equal opportunity employer. Applicants will not be discriminated against because of race, color, creed, sex, sexual orientation, gender identity or expression, age, religion, national origin, citizenship status, disability, ancestry, marital status, veteran status, medical condition, or any protected category prohibited by local, state, or federal laws.