Collaborate with product owners, architects, and business stakeholders to define and document business requirements related to secret management, privileged access management and access control.
Conduct interviews and workshops to gather and clarify security-related business requirements for privileged access across applications, including APIs.
Work with technical teams to design and implement API security policies and access models within privileged access management and secrets management solutions.
Translate access management business needs into actionable specifications, including authentication methods (e.g., JWT, OAuth), request-response formats, and policy-based authorization.
Create detailed documentation, security policies, and procedural guides for developers and other internal teams to secure applications.
Provide operational support for the suite of privileged management solutions (e.g., CyberArk, HashiCorp Vault, PKI), including implementing hot fixes, resolving bugs, troubleshooting issues, performing break-fixes, managing secrets lifecycle, and delivering end-user support.
Develop and deliver training to internal teams on Vault integration and application security best practices.
Conduct application security assessments, penetration testing, and remediation planning with a focus on access management components.
Design appropriate data access controls to secure applications.
Ensure that PAM and application security measures follow regulatory and compliance standards (e.g., ISO 27001, NIST, GDPR).
Support internal and external audits.
Requirements
Bachelor's/Master's degree in computer science, software engineering, management information systems, or a related field, or equivalent relevant years of experience.
Requires a minimum of 5-8 years of experience in Cyber Security, Privileged Access Management and vault solutions.
Experience with secrets management solutions (e.g., HashiCorp Vault, CyberArk Conjur).
Working knowledge of HashiCorp Vault and its components, including secret engines (KV, PKI, Transit), auth methods, and policies.
Knowledge of privileged access management methodologies and techniques for on-prem and cloud implementations.
Knowledge of application authentication and authorization systems (i.e., Active Directory, OAuth 2.0, OIDC, AWS IAM, AppRole, k8s, LDAPS, Kerberos, Certificate).
Experience defining security for REST APIs, including knowledge of JSON, API security best practices, and authentication protocols (OAuth, JWT).
Experience with API testing tools such as Postman or SoapUI.
Familiarity with modern software development methodologies (Agile, Scrum) and DevOps practices.
Ability to translate complex business needs into clear, actionable technical requirements.
Proficiency with visualization and documentation tools (e.g., Visio, Confluence, or JIRA).
Familiarity with configuration management and automation tools (e.g., Salt, Ansible, or Terraform).
Experience with OAuth2, OpenID Connect, JWT, and API gateway security patterns.
Experience working with cloud-native environments (AWS, Azure, or GCP).
Tech Stack
Ansible
AWS
Azure
Cloud
Cyber Security
Google Cloud Platform
Kubernetes
SaltStack
Terraform
Vault
Benefits
Comprehensive mindfulness programme with a premium membership to Calm.
Volunteer Paid Time off available after 6 months of employment for eligible employees.
Company volunteer and donation matching programme – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
Employee Assistance Program.
Personalised wellbeing programmes through our OnTrack programme.
On-demand digital course library for professional development.