Privileged Access Management (PAM) Consultant - Shropshire - 3 days a week onsite - Contract role
Were looking for a seasoned Privileged Access Management (PAM) Consultant to lead strategic assessments and design robust PAM solutions across a complex, multi-platform hosting environment. This is a high-impact role focused on reducing risk, enhancing operational security, and aligning access control with modern best practices.
Youll work closely with infrastructure, security, and operations teams to evaluate current access models, identify over-privileged accounts, and architect scalable PAM strategies tailored to diverse on-premises systems.
?? Key Responsibilities
* Perform in-depth assessments of privileged access across enterprise infrastructure
* Identify gaps and risks in access provisioning, especially around elevated permissions (e.g., root, admin)
* Recommend improvements using RBAC, ABAC, and least privilege principles
* Design PAM architectures that support secure delegation across Windows, Linux, Solaris, and AIX platforms
* Evaluate and compare PAM solutions (e.g., CyberArk, BeyondTrust, Delinea) for technical fit and scalability
* Produce detailed documentation including architecture diagrams, risk assessments, and implementation roadmaps
* Collaborate with cross-functional teams to align PAM strategies with business and technical goals
* Support PoC and pilot deployments to validate solution effectiveness
* Provide expert guidance on credential vaulting, session monitoring, access workflows, and policy enforcement
?? Required Skills & Experience
* 10+ years in PAM consulting and implementation, with a focus on infrastructure assessment and solution design
* Deep expertise in RBAC and ABAC models
* Strong understanding of on-premises hosting environments
* Hands-on experience with Windows, Linux, Solaris, and AIX
* Familiarity with Active Directory, LDAP, SSH key management, and service account governance
* Proficiency with PAM tools such as CyberArk, BeyondTrust, Delinea
* Knowledge of identity federation and authentication protocols (Kerberos, SAML, OAuth)
* Exceptional analytical, documentation, and presentation skills
Job Title: Privileged Access Management (PAM) Consultant
Location: West Midlands, UK
Job Type: Contract
Trading as TEKsystems. Allegis Group Limited, Maxis 2, Western Road, Bracknell, RG12 1RT, United Kingdom. No. 2876353. Allegis Group Limited operates as an Employment Business and Employment Agency as set out in the Conduct of Employment Agencies and Employment Businesses Regulations 2003. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at https://www.allegisgroup.com/en-gb/privacy-notices.
To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go to https://www.allegisgroup.com/en-gb/privacy-notices.
We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the "Contacting Us" section of our Online Privacy Notice at https://www.allegisgroup.com/en-gb/privacy-notices for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. If you are resident in the UK, EEA or Switzerland, we will process any access request you make in accordance with our commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.
JBRP1_UKTJ