All jobs

PAM Engineering Manager - Vice President

Statestreet22h ago
Hyderabad, IndiaHybridFull-timeDirector Level16+ yrs exp

Top focus

Engineering ManagerVp EngineeringSenior Engineering Manager

Role Summary We are seeking a highly skilled and motivated Privileged Access Management (PAM) Engineering Manager – Vice President to join the Global Cybersecurity organization. This is a hands-on technical leadership role for someone who thrives in complex, highly regulated environments and is passionate about privileged access security, CyberArk, HashiCorp Vault, PIM, AKV, AWS, automation, platform modernization, and operational resilience.

The role will drive engineering ownership for strategic PAM capabilities across the enterprise, including CyberArk, HashiCorp Vault, privileged account onboarding, secrets management, automation, access modernization, platform reliability, and integration with enterprise IAM, security, and cloud ecosystems.

Role Title: PAM Engineering Manager – Vice President Capability: Privileged Access Management / Infrastructure Access Management Function: Global Cybersecurity Primary Focus: CyberArk, HashiCorp Vault, PIM, AKV, AWS, PAM engineering, platform modernization, automation, and risk reduction Location: Bangalore or Hyderabad Key Responsibilities PAM Engineering Leadership Lead the engineering lifecycle for enterprise PAM platforms, including CyberArk, HashiCorp Vault, CA-PAM migration support, PIM, AKV, AWS, and related privileged access capabilities.

Drive platform architecture, design, implementation, integration, and continuous improvement for privileged access services. Own engineering delivery for strategic PAM initiatives such as CyberArk platform uplift, HashiCorp adoption, secrets management expansion, CPM/PSM capability development, access modernization, and migration from legacy PAM platforms.

Partner with product, operations, governance, application, infrastructure, and cloud teams to ensure PAM engineering outcomes align with business priorities, risk requirements, and enterprise security standards. Lead engineering design and implementation across CyberArk components including Vault, PVWA, CPM, PSM, PSMP, DR, connectors, integrations, monitoring, and platform automation.

Drive HashiCorp Vault engineering for secrets management use cases including cloud workload identities, Azure service principals, AWS workloads, static secrets, database secrets, certificate/PKI use cases, and application credential modernization.

Ensure PAM platforms are engineered for scalability, resilience, auditability, and secure operations. Support design patterns for privileged account onboarding across Windows, Unix/Linux, databases, network devices, cloud platforms, service accounts, application accounts, and non-human identities.

Identify and deliver automation opportunities to reduce manual effort, ticket volume, operational risk, and configuration errors. Drive API, scripting, CI/CD, Terraform, PowerShell, REST API, and workflow-based automation for PAM and secrets management use cases.

Establish reusable engineering patterns, onboarding templates, reference architectures, and technical accelerators. Promote engineering practices such as test automation, code review, tech debt reduction, platform refactoring, and continuous improvement.

Ensure PAM engineering solutions support least privilege, zero trust, credential vaulting, session monitoring, access control, audit logging, and regulatory expectations. Partner with governance and audit teams to close control gaps, support evidence generation, remediate findings, and improve control traceability.

Drive remediation of platform-related vulnerabilities, configuration gaps, audit issues, and resiliency risks. Ensure PAM controls integrate with IAM, SIEM, ServiceNow, SailPoint, monitoring, change management, and incident response processes.

Collaborate with global technology, cybersecurity, infrastructure, application, cloud, risk, audit, and business stakeholders. Translate business and regulatory requirements into scalable PAM engineering solutions. Provide senior technical leadership during major incidents, platform escalations, design reviews, audit discussions, and program governance forums.

Work across time zones and global teams to support enterprise delivery. Lead, mentor, and develop a high-performing PAM engineering team. Provide technical guidance to engineers and support teams across L2/L3/L4 responsibilities. Build engineering capability across CyberArk, HashiCorp Vault, cloud PAM, automation, secrets management, and non-human identity security.

Foster a culture of accountability, engineering discipline, innovation, documentation, and operational excellence. Create and maintain architecture diagrams, engineering standards, SOPs, runbooks, implementation patterns, knowledge articles, and support handover documents.

Ensure documentation is audit-ready, operationally usable, and aligned to enterprise standards. Establish clear ownership models, RACI alignment, support handoffs, escalation paths, and post-implementation validation practices. Your Team You will be part of the Global Cybersecurity Privileged Access Management / Infrastructure Access Management team , responsible for engineering and modernizing enterprise privileged access, secrets management and non-human identity/account capabilities.

The team supports business-critical access platforms that enable secure infrastructure access, privileged credential management, session control, secrets management, and privileged access governance across the enterprise. This role will work closely with PAM Operations, PAM Governance, Cloud Security, Infrastructure, Application Technology, Risk, Audit, and Product teams to deliver secure, scalable, and resilient privileged access services.

Required Experience 16+ years of technology experience, with significant experience in cybersecurity, IAM, PAM, infrastructure security, or platform engineering. Strong hands-on experience with one or more leading PAM platforms such as CyberArk, HashiCorp Vault, BeyondTrust, Delinea, or CA-PAM .

Deep understanding of privileged account management, credential vaulting, session monitoring, password rotation, privileged access workflows, and least privilege principles. Experience leading large-scale PAM engineering or modernization initiatives in complex enterprise environments.

Strong knowledge of CyberArk architecture and components such as Vault, PVWA, CPM, PSM, PSMP, DR, connectors, policies, safes, platforms, and onboarding patterns. Experience with HashiCorp Vault architecture, secrets engines, authentication methods, policies, namespaces, replication, audit logging, and application integration patterns.

Experience integrating PAM solutions with IAM, SIEM, ServiceNow, SailPoint, Active Directory, cloud platforms, and enterprise monitoring tools. Strong understanding of Windows, Linux/Unix, databases, network devices, cloud platforms, service accounts, and application credential management.

Experience with platform upgrades, patching, DR validation, certificate management, vulnerability remediation, and operational readiness. Experience with Agile delivery, Jira, change management, incident management, problem management, and production support governance.

Technical Skills CyberArk: Vault, PVWA, CPM, PSM, PSMP, PTA, EPM, AIM/Conjur or Secrets Manager capabilities. HashiCorp Vault: KV, database secrets, AppRole, LDAP/OIDC, Kubernetes auth, PKI, transit, dynamic secrets, replication, audit logging.

Automation: PowerShell, Python, Shell scripting, REST APIs, Terraform, Ansible, CI/CD pipelines. Cloud: Azure, AWS, hybrid cloud identity and access patterns. Integrations: ServiceNow, SailPoint, Active Directory, LDAP, SIEM, monitoring platforms, application onboarding workflows.

Governance: audit evidence, access reviews, control validation, policy compliance, risk remediation. Leadership Skills Proven ability to lead technical initiatives and drive results across teams without relying solely on direct authority. Strong people leadership, mentoring, stakeholder management, and executive communication skills.

Ability to simplify complex technical topics for senior stakeholders, risk partners, and engineering teams. Strong ownership mindset with focus on stability, security, resilience, and measurable delivery outcomes. Ability to operate effectively across global teams and time zones.

Preferred Qualifications CyberArk Defender / Sentry / CDE certification. HashiCorp Vault Associate or Professional certification. Cloud certifications in Azure or AWS. Experience with non-human identity governance, secrets discovery, credential rotation automation, and elimination of hardcoded credentials.

Experience with PAM modernization programs, CA-PAM to CyberArk/HashiCorp migration, cloud-native PAM, and ephemeral access models. Familiarity with regulatory, audit, and risk expectations in financial services. Experience leading transformation from operational support models into engineering-led platform ownership.

Timely closure of audit findings, control gaps, and vulnerability remediation items. Successful migration from legacy PAM platforms to strategic PAM capabilities. Stronger engineering documentation, SOPs, runbooks, and operational handover readiness.

Measurable improvement in onboarding cycle time, incident reduction, and change success rate. Capability uplift across PAM engineering teams through mentoring, training, and certification. About State Street Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability.

We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success. We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential.

As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers Read our CEO Statement

Required skills

CyberArkHashiCorp VaultPIMAKVAWSautomationplatform modernizationAPIscriptingCI/CDTerraformPowerShellREST API
Posted on JobRush — the end-to-end AI job-search platform.