Key skills
BeyondTrust PWSBeyondTrust PRAHashiCorp VaultPowerShellPythonAPI integrationsTroubleshootingEnterprise integrationSecurity complianceSession SecurityVaultSAMLLDAPGitVersion ControlServiceNowJiraCloud SecurityZero Trust
About this role
Cognizant is a leading professional services company specializing in digital transformation. They are seeking a Privileged Access Management Engineer responsible for managing and optimizing cloud security tooling, ensuring robust security operations across various environments, and providing consultancy on cloud security risks.
Responsibilities:
- Administer managed accounts/systems, asset discovery, smart rules, password rotation, and check-in/check-out workflows for privileged credentials (service/functional/local admin/app accounts)
- Configure access approvals (request/release), ISA/user permissions, delegation models, dual control/password randomization, and auditing/reporting/alerting
- Troubleshoot rotation failures, account lockouts, and credential sync issues; enable/maintain API-based integrations for automated credential retrieval
- Administer PRA appliances (site/gateway policies), jump technology (jump clients/points), and protocol tunneling (RDP/SSH/VNC/HTTPS/Telnet)
- Implement RBAC/smart groups, session recording, command/keystroke logging, and vendor/JIT access workflows with time-bound controls
- Maintain PRA↔PWS session injection; integrate with ticketing (e.g., ServiceNow/Jira), CMDB, and enterprise authentication (LDAP/RADIUS/SAML/OIDC)
- Administer secrets engines, auth methods, policies/namespaces, dynamic secrets (DB/cloud/SSH/apps), transit encryption, leases, and agent-based injection
- Deliver HA/clustering, DR/backup, upgrades/patching, performance tuning, certificate (TLS) management, storage/seal/unseal procedures, and technology refresh/migrations
- Build/maintain PowerShell + Python automation using REST APIs/SDKs; implement Git-based version control, documentation, health checks, and automated reporting/metrics
- Enforce least privilege/zero trust; support audits (SOX/PCI/ISO/NIST, etc.), access reviews, SIEM/syslog logging, incident response, and continuous control improvement
Requirements:
- Hands-on experience with BeyondTrust PWS, BeyondTrust PRA, and HashiCorp Vault
- Strong troubleshooting and enterprise integration experience