Makpar is a comprehensive professional and technical solutions provider for the Federal government. The PAM Engineer will support USCIS privileged access management modernization, CyberArk/vaulting, secrets management, and privileged access governance across various environments.
Responsibilities:
- Implement and support NIST-aligned least privilege practices
- Support Just-in-Time provisioning for privileged access
- Support privileged session management, privilege elevation, delegation management, and lifecycle management
- Support enterprise secrets management use cases and integration with back-end vault platforms
- Discover, classify, manage, and govern privileged accounts across systems and applications
- Identify owners and usage patterns for privileged human and non-human accounts
- Implement RBAC and ABAC for privileged accounts
- Support PIV-based SSO for privileged access to prevent credential exposure
- Register applications for PAM across multiple environments
- Randomize, manage, and vault passwords, keys, and other credentials for administrative, service, and application accounts
- Broker credentials to applications, databases, services, network devices, operating systems, and other systems
- Coordinate vulnerability remediation with security teams
- Support STIG configurations and hardened container images
- Monitor, record, audit, and analyze privileged sessions and actions
- Develop security audit dashboards and support FISMA/compliance data pulls
- Support Active Directory tiering and permission improvements
Requirements:
- Experience implementing or operating PAM solutions
- Experience with privileged accounts, privileged session management, secrets management, and credential vaulting
- Experience with CyberArk or comparable PAM platform
- Experience with least privilege, privileged account discovery, account ownership, and lifecycle governance
- Ability to support cloud, hybrid, and on-prem privileged access use cases
- Ability to obtain favorable EOD / suitability and maintain required USCIS access
- U.S. citizenship likely required for DHS IT access unless waiver is granted — confirm before final posting
- CyberArk PAS Vault experience
- Experience supporting PAM adoption across many application teams
- Experience with PIV SSO for privileged access
- Experience with AD tiering, LDAP, CDM, STIGs, hardened containers, and FISMA dashboards
- Experience supporting DevOps secrets management and container platform integrations
- Prior DHS, USCIS, or federal Zero Trust/PAM experience