PAM Engineer

We are seeking a highly skilled Privileged Access Management (PAM) Engineer to join our
Identity & Access Management (IAM) team. This role is critical for designing, implementing,
and supporting UCSFs enterprise-wide PAM solutions that secure access to sensitive
systems and applications for both Windows, Linux and other environments. The ideal
candidate will bring deep expertise in PAM principles, Delinea PAM products, Active
Directory integration, Linux AD-bridging, and large-scale hybrid environments.

We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to Human Resources Request Form. The EEOC "Know Your Rights" Poster is available here.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

PAM Platform Ownership:
o Administer and maintain Delinea Secret Server for privileged account
vaulting, session management, and policy enforcement.
Identity & Access Management:
o Implement and manage Linux AD-binding using Delinea Server Suite
(Centrify) for consistent identity and access controls across Linux/Unix
systems.
o Manage Linux/Unix Kerberos authentication and AD-binding strategies.
Enterprise Integration:
o Onboard servers, applications, and accounts (service, functional, user, etc.)
into PAM.
o Integrate PAM solutions with ServiceNow for ticketing and workflow
automation.
o Ensure service account secret management in zero-downtime
environments.
System Management:
o Manage enterprise NFS shares and permissions for hybrid Linux
environments.
o Support a hybrid cloud/on-prem Linux environment of 2000+ servers,
ensuring security and compliance.
Policy & Security:
o Create, implement, and maintain PAM policies based on UC/UCSF security
governance and least privilege principles.
o Collaborate with other IAM and IT teams to align PAM with IGA,SSO and
other IT initiatives.
Documentation & Evangelism:
o Create and maintain accurate, detailed technical documentation for PAM
processes and procedures.
o Host PAM governance workgroups, promoting best practices and adoption
across teams.
Operational Excellence:
o Provide outstanding customer service in managing requests and resolving
incidents through ticket systems.
o Partner with application owners and infrastructure teams to enable secure
PAM solutions.

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.