Senior Privileged Access Management Engineer

Southern New Hampshire University is a team of innovators. World changers. Individuals who believe in progress with purpose. Since 1932, our people-centered strategy has defined us — and helped us grow a team that now serves over 180,000 learners worldwide.

Our mission to transform lives is made possible by talented people who bring diverse industry experience, backgrounds and skills to the university. And today, we're ready to expand our reach. All we need is you.

Make an impact — from near or far

At SNHU, you'll have the option to work remotely in the following states: Alabama, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Nebraska, New Hampshire, New Mexico, North Carolina, North Dakota, Ohio, Oklahoma, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, West Virginia, Wisconsin and Wyoming.

We ask that our remote employees have access to a reliable internet connection and a dedicated, properly equipped workspace that is free of distractions. Employees must reside in, and work from, one of the above approved states.

The Opportunity

Reporting to the Senior Director of Identity and Access Management, the Senior Privileged Access Management Engineer designs, administers, and maintains Southern New Hampshire University's Privileged Access Management (PAM) solution(s) with a specific focus on the enterprise CyberArk service. You will also help align PAM practices with industry standards and controls such as CMMC, PCI-DSS, and NIST. You will be the subject knowledge expert as it relates to securing privileged access to SNHU's ecosystem which includes hybrid on-prem and cloud hosted services. This role also mentors less experienced resources who perform and support IAM and PAM activities within IT and across operations.

The Senior PAM Engineer will be an important contributor to an Identity and Access Management (IAM) team that support identity governance and administration (IGA) and access control responsibilities. As such, and at the discretion of the Senior Director of Identity and Access Management, may participate in administrating and supporting other services of SNHU's IAM ecosystem including SailPoint IdentityNow, Entra ID, Active Directory, and Entra Federated Authentication Services (SSO). You will work remotely within any of our approved states. #LI-Remote

What You'Ll Do:

• Develop and implement PAM solutions, including CyberArk Privileged Access Manager (PASM), Endpoint Privilege Manager (PEDM), Secure Cloud Access (CIEM), and Secrets Hub.
• Manage the daily operations of PAM systems, including vault architecture, account onboarding, and component maintenance.
• Build integrations with other systems using APIs (e.g., CyberArk's API, REST APIs), and automating tasks using scripting (e.g., PowerShell).
• Ensure PAM solutions follow security frameworks, policies, and industry regulations (NIST, CMMC, PCI-DSS).
• Resolve complex technical issues, providing support to users, and participating in after-hours and on-call support. Provide T3/escalation level support including incident response, troubleshooting, root cause analysis, and problem resolution.
• Guide junior engineers, contributing to team knowledge, and potentially leading technical implementations.
• Contribute to the development of PAM strategies and roadmaps, including zero-trust models.
• Work with multiple teams (security, infrastructure, application teams) to integrate PAM solutions and ensure their effectiveness. Develop high-quality system configuration and process design documentation, knowledge base articles, troubleshooting guides, operating procedures, application integration documentation and other materials. Lead in the creation and management of reporting related to the PAM services.
• With guidance from architects and in collaboration with IAM Engineers the role may also be engaged with the following activities with the IGA and other services associated with the IAM program:
• Develop IGA certification workflows
• Perform business analysis activities (process mapping, requirements gathering, documentation maintenance).
• Perform quality assurance and testing activities (test plan execution, documentation) to support IAM components.
• Be a subject matter expert for IAM technologies and processes on projects with identity components.
• Work with DBAs, application administrators, developers, testers, and others to troubleshoot issues, address design challenges, and improve performance.
• Other responsibilities as assigned
• Administration and troubleshooting of IAM services (SailPoint ISC, Entra ID)
• Integrations with upstream and downstream services and applications
• Develop roles, mapped to authorization models (RBAC, ABAC, PBAC)
• Development of IGA workflows for entitlement assignment
• Development of IGA access request flows

What We'Re Looking For:

• 5+ years of experience managing PAM services.
• 3 years with hands-on experience with the CyberArk suite of products (including PASM, EPM for Windows/Linux/MacOS, and Secure Cloud Access (CIEM).
• Professional Certification(s): CyberArk Certified Delivery Engineer (CDE) or CyberArk Certified Defender (CCD)
• Experience with broader IAM principles, concepts, and experience with other IAM tools (e.g. SailPoint ISC, Microsoft EntraID).
• Working knowledge of cloud platforms like Azure, AWS, and GCP for secrets and entitlement management.
• Experience with Windows and Linux environments, Active Directory, Group Policy, and LDAP-based directory services.
• Experience with scripting languages like PowerShell and Python for automating PAM tasks and integrating CyberArk with other systems.
• Experience with ITIL processes (Change, Incident, Request, and Problem) management.
• Experience with relevant security and compliance frameworks such as FERPA, PCI-DSS, NIST CSF, OWASP, CIS Top 20.

We believe real innovation comes from inclusion - where different experiences, perspectives and talents are celebrated. So if you're wondering whether SNHU is right for you, take the leap and apply. You might be just the person we're looking for.

Compensation

The annual pay range for this position is $100,560.00 - $160,926.00. Actual offer will be based on skills, qualifications, experience and internal equity, in addition to relevant business considerations. We expect this position to be hired in the following target hiring range $111,119.00 - $150,338.00.

Exceptional benefits (because you’re exceptional)

You’re the whole package. Your benefits should be, too. As a full-time employee at SNHU, you’ll get:

• High-quality, low-deductible medical insurance
• Low to no-cost dental and vision plans
• 5 weeks of paid time off (plus almost a dozen paid holidays)

• Employer-Funded Retirement

• Free Tuition Program

• Parental Leave

• Mental health and wellbeing resources