PAM Specialist – Central Government

Role: PAM Specialist REF100359. Contract Length: until 30/09/2026, possible extension. Location: Culham, 2-3 days/week on site. IR35: Inside. Pay Rate to Intermediary: £80 per hour. Security Clearance: BPSS, eligible for SC clearance. Spinwell is recruiting for a PAM Specialist for an excellent opportunity within the public sector.

Responsibilities of the PAM Specialist

• Implement and configure BeyondTrust Password Safe for credential vaulting and management
• Deploy and manage BeyondTrust Privileged Remote Access for secure vendor and admin access
• Configure automated password rotation policies for privileged and service accounts
• Implement privileged session recording, monitoring, and keystroke logging
• Configure Just-in-Time (JIT) access workflows and approval processes
• Onboard Windows, Linux/Unix servers, network devices, and applications to the PAM platform
• Discover and vault service accounts, application accounts, and shared credentials
• Configure Smart Rules for automated account discovery and management
• Implement session proxy configurations for RDP, SSH, and application access
• Develop break-glass procedures and emergency access workflows
• Integrate BeyondTrust with SIEM for security monitoring and alerting
• Configure BeyondTrust connectors for Active Directory, Entra ID, and target systems
• Manage platform upgrades, patching, and health monitoring
• Troubleshoot connector issues, session failures, and platform errors
• Maintain documentation of PAM configurations, policies, and operational runbooks
• Support audit and compliance activities with reporting and evidence gathering

Essential Skills and Experience

• Hands‑on experience implementing and managing PAM toolkits
• Experience with Privileged Remote Access configuration and management
• Strong understanding of credential vaulting, password rotation, and check‑in/check‑out workflows
• Experience configuring privileged session recording and monitoring
• Knowledge of service account discovery and lifecycle management
• Experience onboarding Windows Server, Linux/Unix, and network devices to PAM platforms
• Understanding of Active Directory privileged account management
• Experience with SIEM integration for PAM event logging and alerting
• Working knowledge of security frameworks: ISO 27001, NIST CSF
• Strong troubleshooting skills for connector and session issues
• Good documentation skills for technical configurations and runbooks
• Ability to obtain SC-level national security clearance

Desirable Skills and Experience

• Degree in Information Security, Computer Science, or related STEM field
• BeyondTrust certifications (Password Safe Administrator, Privileged Remote Access)
• Experience with BeyondTrust Endpoint Privilege Management
• Experience with other PAM platforms (CyberArk, Delinea)
• Scripting skills (PowerShell, Python) for automation
• Experience with database privileged access (SQL Server, Oracle)
• Familiarity with ITSM workflows and change control procedures
• Experience in public sector or critical national infrastructure environments
• Knowledge of OT/ICS environments and industrial systems access requirements

We welcome all applications regardless of background, in line with our commitment to diversity, equality and inclusion.

#J-18808-Ljbffr…