Senior PAM Engineer

Senior Privileged Access Management Engineer – Phoenix Group

Job Type: Permanent
Location: Hybrid – Edinburgh, Telford or Birmingham office (1–2 days per week in office)
Flexible working: Part‑time, job‑share and other flexibility options available; discussed during recruitment
Closing Date: 12/01/2026
Salary and benefits: £60,000‑£70,000 plus indicative bonus 16%‑32%, private medical cover, 38 days annual leave, excellent pension, life assurance, career breaks, income protection, volunteering days and more

As a Senior Privileged Access Management (PAM) Engineer you will lead the design, implementation and optimisation of Phoenix Group’s PAM services. You will engineer secure, scalable solutions using Cyber Ark and related technologies, ensuring privileged accounts are managed in line with Zero Trust principles. You will collaborate with architecture, infrastructure and application teams to deliver robust controls that protect critical systems and sensitive data.

• Design and solutionise PAM architectures using Cyber Ark and its modules (Vault, PSM, CPM, EPM, SIA).
• Define and maintain onboarding processes for privileged accounts across Windows, Linux, cloud and SaaS platforms.
• Integrate PAM with identity platforms (Microsoft Entra ) and SIEM (Sentinel) for centralised monitoring and alerting.
• Work with projects and business units to embed PAM controls into new solutions and services; automate PAM workflows using scripts (Power Shell, Python) to improve efficiency and reduce operational risk.
• Establish policies for credential rotation, session recording and least‑privilege access.
• Troubleshoot complex PAM issues and provide escalation support for critical incidents.
• Support audit and compliance activities with accurate documentation and evidence of control effectiveness.
• Mentor junior engineers and contribute to knowledge sharing across the team.

• Demonstrable experience designing and optimising PAM solutions using Cyber Ark in complex enterprise environments.
• Hands‑on expertise across Cyber Ark modules (Vault, PSM, CPM, EPM, SIA).
• Experience with Cyber Ark Privilege Cloud is highly desirable.
• Knowledge of Microsoft Entra n for identity‑driven security.
• Strong scripting skills (Power Shell, Python) for automation and operational efficiency.
• Understanding of Zero Trust principles and their application to privileged access.
• Awareness of regulatory and compliance standards (e.g., ISO 27001, NIST, GDPR, ISF Standard of Good Practice).

We want to hire the whole version of you. We are committed to ensuring that everyone feels accepted and welcome; applicants from all backgrounds are encouraged to apply. If your experience differs from what we’ve advertised and you believe you can bring value to the role, we’d love to hear from you. Please let us know if you require any adjustments to the recruitment process so we can help you to be at your best.

For more information, see the Guide for Candidates and the talk‑to‑us page on our careers website.