PAM EngineerLocation: Switzerland - Basel – RemoteDuration: 6 monthsPay Rate: 500CHF – 550CHF per day Overview The role is responsible for establishing robust security controls for privileged identities, ensuring compliance with regulatory requirements, and embedding PAM as a core enterprise security capability. The PAM SME will act as a technical authority, owning PAM architecture, policy definition, onboarding standards, and operational governance, and will work closely with Cyber Security, Infrastructure, IAM, and Application teams to drive adoption and continuous improvement. Key ResponsibilitiesStrategy & ArchitectureDefine and maintain the PAM architecture aligned with enterprise security strategy and Zero Trust principles.Develop and maintain PAM roadmaps, standards, and design patterns.Ensure PAM solutions integrate effectively with IAM, SIEM, directory services, and cloud platforms.Own PAM Tiering models and enforce Tier 0 protections. Engineering & ImplementationLead PAM deployments and technical onboarding of:o Domain and directory accountso Service accountso Local administrator accountso Application and DevOps identitiesDesign and configure:o Credential vaulting and rotationo Session brokering and recordingo Just-in-Time accesso Secrets managementProvide technical leadership for PAM upgrades, migrations, and platform consolidation. Governance, Risk & Compliance Develop PAM policies, procedures, and control frameworks.Ensure alignment with security standards (e.g. ISO 27001, NIST, CIS Controls, GMP / GxP where applicable).Support audits, internal controls testing, and regulatory inspections.Own risk assessments related to privileged access and remediation planning. Operations & Continuous ImprovementEstablish PAM operational models and procedures (runbooks and SOPs).Define service KPIs and performance metrics.Manage incident response activities involving privileged access compromise.Drive onboarding automation and self-service capabilities.Stakeholder EngagementAct as technical advisor to IT Security leadership and programme sponsors.Collaborate with application owners and infrastructure teams to onboard systems securely.Provide training, coaching, and knowledge transfer to operational teams.Support vendor management and product evaluations. Essential Skills & ExperienceTechnical ExpertiseDeep expertise with at least one enterprise PAM platform (e.g. Delinea, CyberArk, BeyondTrust, One Identity, HashiCorp Vault).Strong Active Directory / Entra ID integration knowledge.Experience with Windows, Linux, Unix privileged account management.Understanding of networking, certificates, and identity security controls.SIEM integration and PAM alerting experience. Professional ExperienceProven experience as a PAM engineer, architect, or SME in a large enterprise environment.Experience designing Tier 0 / Tier 1 controls and identity security frameworks.Experience working with regulated environments (e.g. finance, healthcare, life sciences, manufacturing).Demonstrated ability to lead technical designs and influence stakeholders. Soft Skills Strong communication and stakeholder management skills.Ability to translate technical controls into business risk language.Structured problem-solving approach.Capable of operating independently and leading workstreams. Desirable QualificationsCertifications such as:o CISSP / CISM / CCSPo Vendor certifications (CyberArk Defender, Delinea Specialist, etc.)
Nokwanda Khanyile
