Jobs · Engineering · Texas

Lead Privileged Access Management Engineer

EngineeringFull-time

About the role

At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Responsibilities

  • Design and evolve PAM platform architecture with a focus on scalability, resilience (HA/DR), and security-by-design.
  • Drive platform maturity: Implement sophisticated capabilities (JIT access, session recording, credential vaulting, API integrations) and standardize onboarding of new systems.
  • Implement and maintain end-to-end observability for PAM platforms using monitoring, logging, and alerting tools (e.g., Splunk, Prometheus, Grafana, or equivalent).
  • Governance & compliance: Establish policies for privileged account lifecycle, enforce password complexity and rotation, and ensure audit readiness for SOX, PCI, and internal controls.
  • Automation & integration: Embed PAM into CI/CD pipelines and workflows; develop scripts and connectors for automated provisioning and session management.
  • Operational excellence: Monitor PAM performance, lead incident response for privileged access breaches, and conduct root-cause analysis and remediation.
  • Stakeholder engagement: Communicate platform health, roadmap, and risk posture to senior leadership; manage vendor relationships and licensing.
  • Act as a mentor for other engineers—reviewing designs, code, and operational practices.
  • Disaster recovery readiness: Participate in DR exercises and ensure PAM resilience in loss-of-region scenarios.

Qualifications

  • Minimum of 6 years of related experience
  • Bachelor's degree preferred and/or equivalent experience
  • Solid understanding of privileged account lifecycle, credential vaulting, and session management
  • Expertise in automation (Jenkins, Python, Groovy or equivalent) and integration with CI/CD
  • Familiarity with Windows, Unix/Linux, Active Directory, and hybrid cloud environments
  • Understanding of regulatory compliance and audit processes in financial or highly regulated industries

Skills

  • Talents Needed For Success: 6+ years in security/platform engineering or IAM
  • Experience implementing and managing Bravura PAM or similar enterprise PAM solutions (e.g. CyberArk)
  • Experience with Zero Trust architectures, API-based integrations, and sophisticated PAM features (JIT, ephemeral credentials)
  • Familiarity with cloud, Kubernetes, OpenShift platform and PAM integration patterns
  • Knowledge of risk frameworks and evidence automation for audits

Benefits

Competitive compensation, including base pay and annual incentive
Comprehensive health and life insurance and well-being benefits, based on location
Pension / Retirement benefits
Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

Pay and Schedule

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.

Impact You Will Have

In this role, you will serve as a technical authority for DTCC’s Privileged Access Management (PAM) platforms. You will design, build, and operate highly available, secure PAM services across hybrid environments, ensuring privileged access is controlled, observable, and resilient. This role plays a critical part in advancing Zero Trust principles by embedding PAM into infrastructure, cloud, and application workflows. You will lead by example—owning production outcomes, driving automation, and ensuring the platform is observable, auditable, and operationally sound.

Note

The Primary Responsibilities of this role are not limited to the details above.

Similar jobs