Privileged Access Management Engineer

Core Responsibilities

• Implement and manage the privileged access lifecycle for Windows and Linux servers.

• Onboard classify and manage privileged accounts including local admin service accounts and break-glass identities.

• Configure credential rotation policies and enforce strong authentication standards.

• Deploy and maintain Just-in-Time (JIT) and Just-Enough Access (JEA) models.

• Integrate PAM with cloud-native identity frameworks such as AWS IAM Roles Azure Managed Identities and GCP Service Accounts.

• Operate and administer CyberArk components (Safes CPM PSM/PSMP) and cloud-native secret stores.

• Automate PAM tasks using PowerShell Python or Bash.

• Use Infrastructure-as-Code (Terraform preferred) to define and deploy PAM integrations and policies.

• Work with the business to be able to accomplish Privilege Access Operations standard workflows as well as efficiently resolve complex incidents through creative problem solving.

• Work with enterprise stakeholders to understand business requirements and IT standards that influence how PAM solutions/services should operate.

• Be action oriented; taking on new opportunities and tough challenges with a sense of urgency high-energy and enthusiasm.

• Identifies and recommends opportunities for continuous improvement. Supports the implementation of changes to department policies and procedures to meet changing business needs and to achieve department objectives.

• Ability to mentor and provide oversight to analysts on the Privileged Access Management Team.

Qualifications

• Basic administration skills for Windows Server and Linux systems. (Required)

• Foundational understanding of IAM concepts and privileged access principles. (Preferred)

• Exposure to AWS Azure or GCP services related to compute identity and access management. (Required)

• Scripting experience using PowerShell Python or Bash. (Required)

• Familiarity with vaulting/secrets management solutions (CyberArk AWS Secrets Manager Azure Key Vault).

• Experience with Terraform or other Infrastructure-as-Code tools. (Preferred)

• Familiarity with CyberArk Enterprise Password Vault (EPV) EPM PSM and WPM.

• Hands-on experience with log analysis security monitoring or SIEM tools. (Preferred)

• Experience in Change/Incident Management Tools such as Service Now

• A team player and quick learner with a heavy emphasis on communication skills.

• Understanding of the Follow the Sun Model and how companies operate on the global scale.

• Minimum 5-7 years related work experience. Experience with information security system administration cloud engineering network administration or IT preferred.

Special Factors

Sponsorship

About Vanguard

At Vanguard we dont just have a missionwere on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members designed to capture the benefits of enhanced flexibility while enabling in-person learning collaboration and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.