Role: PAM Specialist REF100359. Contract Length: until 30/09/2026, possible extension. Location: Culham, 2-3 days/week on site. IR35: Inside. Pay Rate to Intermediary: £80 per hour. Security Clearance: BPSS, eligible for SC clearance. Spinwell is recruiting for a PAM Specialist for an excellent opportunity within the public sector.
Responsibilities of the PAM Specialist
* Implement and configure BeyondTrust Password Safe for credential vaulting and management
* Deploy and manage BeyondTrust Privileged Remote Access for secure vendor and admin access
* Configure automated password rotation policies for privileged and service accounts
* Implement privileged session recording, monitoring, and keystroke logging
* Configure Just-in-Time (JIT) access workflows and approval processes
* Onboard Windows, Linux/Unix servers, network devices, and applications to the PAM platform
* Discover and vault service accounts, application accounts, and shared credentials
* Configure Smart Rules for automated account discovery and management
* Implement session proxy configurations for RDP, SSH, and application access
* Develop break-glass procedures and emergency access workflows
* Integrate BeyondTrust with SIEM for security monitoring and alerting
* Configure BeyondTrust connectors for Active Directory, Entra ID, and target systems
* Manage platform upgrades, patching, and health monitoring
* Troubleshoot connector issues, session failures, and platform errors
* Maintain documentation of PAM configurations, policies, and operational runbooks
* Support audit and compliance activities with reporting and evidence gathering
Essential Skills and Experience
* Hands‑on experience implementing and managing PAM toolkits
* Experience with Privileged Remote Access configuration and management
* Strong understanding of credential vaulting, password rotation, and check‑in/check‑out workflows
* Experience configuring privileged session recording and monitoring
* Knowledge of service account discovery and lifecycle management
* Experience onboarding Windows Server, Linux/Unix, and network devices to PAM platforms
* Understanding of Active Directory privileged account management
* Experience with SIEM integration for PAM event logging and alerting
* Working knowledge of security frameworks: ISO 27001, NIST CSF
* Strong troubleshooting skills for connector and session issues
* Good documentation skills for technical configurations and runbooks
* Ability to obtain SC-level national security clearance
Desirable Skills and Experience
* Degree in Information Security, Computer Science, or related STEM field
* BeyondTrust certifications (Password Safe Administrator, Privileged Remote Access)
* Experience with BeyondTrust Endpoint Privilege Management
* Experience with other PAM platforms (CyberArk, Delinea)
* Scripting skills (PowerShell, Python) for automation
* Experience with database privileged access (SQL Server, Oracle)
* Familiarity with ITSM workflows and change control procedures
* Experience in public sector or critical national infrastructure environments
* Knowledge of OT/ICS environments and industrial systems access requirements
We welcome all applications regardless of background, in line with our commitment to diversity, equality and inclusion.
#J-18808-Ljbffr