(​Hybrid) – Stafford Park 1, Telford TF3 3BD (3 days/week Onsite)

Duration: 3months+

We are seeking a highly experienced Privileged Access Management (PAM) Consultant to lead the assessment and strategic planning of PAM solutions within a complex hosting infrastructure. This role focuses on evaluating existing access control mechanisms, identifying risks associated with over-privileged accounts, and recommending scalable PAM solutions tailored to diverse operating systems and on-premises environments.

Key Responsibilities:

• Conduct comprehensive assessments of internal infrastructure to identify privileged access risks and gaps.

• Analyze current access provisioning models, especially where elevated permissions (e.g., root, Admin access) are broadly granted.

• Analyze existing access control models and recommend enhancements using RBAC, ABAC, and least privilege principles.

• Design PAM architectures that support secure delegation of access across diverse platforms.

• Design and recommend PAM strategies that enforce least privilege, improve auditability, and enhance operational security.

• Evaluate and compare PAM solutions (e.g., CyberArk, BeyondTrust, Delinea) based on technical fit, scalability, and integration capabilities.

• Document findings in detailed reports including architecture diagrams, risk assessments, and implementation roadmaps.

• Collaborate with infrastructure, security, and operations teams to align PAM strategies with business and technical requirements.

• Support PoC and pilot deployments to validate solution effectiveness.

• Provide technical guidance on session monitoring, credential vaulting, access workflows, and policy enforcement.

Key Skills & Experience:

• 10+ years of experience in PAM consulting and implementation, with a strong focus on environmental assessment and solution design.

• Strong expertise in RBAC and ABAC models, including policy design and enforcement.

• Deep understanding of on-premises infrastructure and hosting environments.

• Hands-on experience with Windows, Linux, Solaris, and AIX server platforms.

• Familiarity with Active Directory, LDAP, SSH key management, and service account governance.

• Experience with PAM tools such as CyberArk, BeyondTrust, Delinea, etc

• Experience with identity federation, directory services, and authentication protocols (e.g., Kerberos, SAML, OAuth)

• Strong analytical skills to assess complex environments and recommend tailored solutions.

• Excellent documentation and presentation skills for technical and executive audiences.

​

Preferred Qualifications:

• Certifications in PAM technologies (e.g., CyberArk Defender/Sentry, BeyondTrust Certified).

• Experience with scripting (PowerShell, Bash, Python) for automation and discovery.

• Knowledge of compliance frameworks such as ISO 27001, SOC 2, PCI-DSS, or NIST.