Senior Privileged Access Management (PAM) Engineer

Your Future Evolves Here

Evolent Health has a bold mission to change the health of the nation by changing the way health care is delivered.Our pursuit of this mission is the driving force that brings us to work each day. We believe in embracing new ideas, challenging ourselves and failing forward. We respect and celebrate individual talents and team wins. We have fun while working hard and Evolenteers often make a differencein everything from scrubs to jeans.

Are we growing Absolutely and Globally. In 2021 we grew our teams by almost 50% and continue to grow even more in 2022.Are we recognized as a company you are supported by for your career and growth, and a great place to workDefinitely. Evolent Health International (Pune, India) has been certified as Great Places to Work in 2021. In 2020 and 2021 Evolent in the U.S. was both named Best Company for Women to Advance list by Parity.org and earned a perfect score on the Human Rights Campaign (HRC) Foundation's Corporate Equality Index (CEI). This index is the nation's foremost benchmarking survey and report measuring corporate policies and practices related to LGBTQ+ workplace equality.

We recognize employees that live our values, give back to our communities each year, and are champions for bringing our whole selves to work each day. If you're looking for a place where your work can be personally and professionally rewarding, don't just join a company with a mission. Join a mission with a company behind it.

What You'll Be Doing:

About Evolent Health

Evolent Health is a leading healthcare technology firm empowering health systems and physicians to deliver highquality care with secure, resilient, and scalable systems. Our cybersecurity team protects highly sensitive data and critical infrastructure through modern identity and access controls, Zero Trust principles, and advanced security frameworks.

Position Summary

We are seeking a Senior Privileged Access Management (PAM) Engineer to lead the design, implementation, and operation of our enterprise PAM capability.

This role will focus on securing privileged credentials, enforcing leastprivilege access, and ensuring controlled and auditable access to critical systems across onpremises, cloud, and hybrid environments.

Handson experience with Delinea PAM solutions (including Delinea Secret Server and legacy Thycotic platforms) is strongly preferred, though experience with other leading PAM tools is also acceptable.

Key Responsibilities

Design, Deploy & Support PAM Capabilities

• Lead the architecture, configuration, deployment, and ongoing management of enterprise PAM solutions, with preference for Delinea (including historical Thycotic versions).

• Manage the full privileged credential lifecycle including discovery, onboarding, automated rotation, rolebased access control (RBAC), session monitoring, and audit trail generation.

• Build and maintain secure folder structures, access policies, templates, credential rotation mechanisms, and operational playbooks.

Integrations & Automation

• Integrate PAM platforms with enterprise systems such as Active Directory / LDAP, ServiceNow, SIEM tools, cloud identity providers, databases, and infrastructure platforms.

• Develop scripts and automation using PowerShell, Python, and APIs to standardize onboarding/offboarding, configuration, and reporting.

Security & Compliance

• Ensure PAM implementations align with security and compliance frameworks such as NIST, HITRUST, and SOX.

• Support audits, risk assessments, control testing, monitoring, and compliance reporting.

Operational Excellence & Troubleshooting

• Provide advanced troubleshooting, health monitoring, capacity planning, performance tuning, and patch/upgrade management for PAM platforms.

• Create and maintain documentation, SOPs, runbooks, and onboarding guides to ensure operational consistency.

Leadership & Collaboration

• Act as a technical mentor and advisor to other PAM and security engineers.

• Partner with infrastructure, cloud, application security, and compliance teams to embed PAM best practices into the broader security posture.

Required Qualifications

• 6-12+ years of experience in cybersecurity, with 4+ years in Privileged Access Management engineering and operations.

• Strong handson experience designing, deploying, and managing enterprisescale PAM solutions, preferably Delinea (including Thycoticbranded platforms).

• Deep understanding of privileged account lifecycle management, leastprivilege principles, Zero Trust, and secure access patterns.

• Experience integrating PAM with directory services, ticketing systems, SIEM/logging platforms, and cloud environments.

• Proficiency in scripting and automation (PowerShell, Python, REST APIs).

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).

• Security certifications such as CISSP, CISM, or IAM/PAMspecific certifications are a strong plus.

Preferred Qualifications

• Advanced experience administering Delinea Secret Server, Server Suite, or related Delinea PAM capabilities.

• Exposure to multiple PAM tools (e.g., CyberArk, BeyondTrust) for comparison or migration scenarios.

• Familiarity with cloudnative secrets management (AWS Secrets Manager, Azure Key Vault).

• Experience supporting DevSecOps and CI/CD secrets automation.

Skills & Competencies

• Deep technical expertise in PAM architecture, configuration, and troubleshooting.

• Strong analytical and problemsolving skills.

• Excellent communication and documentation abilities, including translating complex security concepts for nontechnical audiences.

• Ability to work independently in a fastpaced, crossfunctional environment.

To ensure a secure hiring process we have implemented several identity verification steps, including submission of a government issued photo ID. We conduct identity verification during interviews, and final interviews may require onsite attendance. All candidates must complete a comprehensive background check, in-person I-9 verification, and may be subject to drug screening prior to employment. The use of artificial intelligence tools during interviews is prohibited and monitored. Misrepresentation will result in immediate disqualification from consideration.

Mandatory Requirements:

Employees must have a high-speed broadband internet connection with a minimum speed of50 Mbpsand the ability to set up a wired connection to their home network to ensure effective remote work. These requirements may be updated as needed by the business.

Evolent Health is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability status.