at IDEXX Distributions, Inc. in Westbrook, Maine, United States
Job Description
IT accelerates the success of IDEXX employees and customers by providing scalable, secure, and innovative technology solutions. As a global organization supporting critical systems across cloud and onprem environments, we are committed to maturing our identity and security posture-particularly in the area of Privileged Access Management (PAM).
The PAM Engineer plays a pivotal role in ensuring secure, compliant, and tightly governed privileged access across the enterprise. This role is responsible for planning, implementing, and operating our PAM platform (e.g., CyberArk Privilege Cloud), supporting our strategy to reduce risk, strengthen identity governance, and meet audit and regulatory requirements.
This position partners closely with Security, Infrastructure, Cloud Engineering, Application teams, and IAM functions to enforce best practices, monitor privileged activity, and support the operational lifecycle of privileged accounts across servers, endpoints, cloud platforms, network devices, and SaaS environments.
If you are passionate about reducing privileged-access risk and enabling secure operations through automation, governance, and modern PAM tooling, we encourage you to apply.
In this role, you willbe responsible for:
Privileged Access Platform Administration
Deploy, configure, andmaintainthe enterprise PAM platform (e.g., CyberArk) including credential vaulting, session management, password rotation, andjustIntime(JIT) access.
Manage platform components such as vault servers, connectors, session recording infrastructure, credential providers, and privileged session gateways.
Ensure high availability, performance optimization, and adherence to operational SLAs.
Privileged Account & Credential Lifecycle Management
Onboard andmaintainprivileged accounts across Windows, Linux, network devices, databases, cloud platforms (Azure, AWS, GCP), and SaaS admin consoles.
Implement automated password rotation, check-in/checkout workflows, and lifecycle governance for service accounts, application credentials, and secrets.
Maintain leastprivilege standards, including enforcement of cloudonly admin accounts and removal of unnecessary or stale privileged principals.
JIT Access, PIM/PAM Integration & Access Elevation
Administerjustintimeelevation policies for cloud roles (e.g., Entra PIM) and integrate them with the enterprise PAM strategy.
Configureapprovalworkflows, MFA enforcement, activation duration settings, and monitoring for high-risk role activation.
Ensure alignment between PIM (role elevation) and PAM (credential vaulting/session control) platforms.
Security, Compliance & Audit Support
Maintaincontrolsrequiredfor SOX, SOC2, ISO, and internal/external audit reviews of privileged access activity.
Support regular access reviews for privileged accounts and roles, collaborating with managers and system owners.
Provide evidence for audits related to privileged access, session logs, credential governance, and administrative workflows.
Automation, Scripting & Operational Efficiency
Develop andmaintainautomation (e.g., PowerShell, Python, APIs) for onboarding, credential rotation, vault management, and reporting.
Build integrations between PAM and enterprise systems such as ServiceNow, SIEM, CMDB, IGA platforms, and cloud identity services.
Streamline manual processes and reduce ticket volume through automation and mature workflow design.
Monitoring&Incident Response
Monitor for suspicious privileged behavior, anomalous sign-ins, risky activations, or vault activity using SIEM and platform analytics.
Maintain and periodically validatebreakglass/emergency access controls across critical systems.
Serve as an escalation point for privileged access issues or failuresimpactingoperations.
CrossFunctional Collaboration & Governance
Partner with infrastructure, application, cloud, and security teams to enforce standards for privileged access governance.
Assistsystem owners inidentifyingwhat constitutes privileged access and mapping roles, entitlements, and required controls.
Contribute to PAM roadmap planning, tool evaluations, and ongoing PAM maturity initiatives.
Location: Driving distance to our Westbrook, Maine HQ. Flexible hybrid on-site of 8 days per month/2 days per week on average, is required.
What You Will Need to Succeed:
2 to 5 years of hands-on experience administering enterprise PAM solutions such as CyberArk.
Strong understanding of privileged access concepts including:
Credential vaulting
Session monitoring and recording
JIT elevation & PIM
Password rotation
Tiering/Zero Trust/least privilege
Expertisewith Windows/MacOS/Linuxadministration, Active Directory/Entra ID, cloud IAM roles (Azure, AWS, GCP), and integration of privileged accounts across these systems.
Scripting & Automation: Proficiencyin PowerShell, APIs, JSON, and automation... For full info follow application link.
IDEXX is an EOE/Minority/Female/Disabled Veteran employer
To view full details and how to apply, please login or create a Job Seeker account