We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Zelis Healthcare, LLC jobs

Senior Privileged Access Management Engineer

Zelis Healthcare, LLC
paid time off, 401(k)
United States, New Jersey, Morristown
Mar 24, 2026

At Zelis, we Get Stuff Done. So, let's get to it!

A Little About Us

Zelis is modernizing the healthcare financial experience across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts - driving real, measurable results for clients.

A Little About You

You bring a unique blend of personality and professional expertise to your work, inspiring others with your passion and dedication. Your career is a testament to your diverse experiences, community involvement, and the valuable lessons you've learned along the way. You are more than just your resume; you are a reflection of your achievements, the knowledge you've gained, and the personal interests that shape who you are.

Position Overview

Leads privileged access management and TLS certificate lifecycle activities for Zelis IT systems

Senior Privileged Access Management (PAM) Engineer - Team Lead
Overview

We are seeking a highly skilled and motivated Senior PAM Engineer - Team Lead to join the Identity and Access Management (IAM) team. This is a hands-on technical leadership role, ideal for someone who thrives in dynamic environments and is passionate about Security, PAM, Automation, and Machine Identity Management.

***This is a hybrid role with the expectation to go into the office 1 day/week in the Morristown, NJ office***

This role will focus on CyberArk Privilege Cloud and Venafi TLS certificate management, supporting a hybrid enterprise environment spanning Active Directory, Azure, and AWS.

Key Responsibilities

  • Manage and enhance privileged access lifecycle capabilities using CyberArk Privilege Cloud, including credential vaulting, session management, privileged session monitoring, and Just-in-Time (JIT) access.

  • Design and implement PAM solutions aligned with organizational security standards, including least privilege enforcement, credential rotation, session isolation, and privileged access workflows across enterprise systems.

  • Lead engineering initiatives to integrate PAM controls across infrastructure and applications, including Active Directory, Azure AD, AWS IAM, and cloud-native services.

  • Develop and maintain machine identity management solutions using Venafi, including TLS certificate lifecycle management, automation of certificate issuance/renewal, and integration with enterprise platforms and DevOps pipelines.

  • Architect and implement automation frameworks and accelerators to streamline PAM and certificate management processes, improving scalability, auditability, and operational efficiency.

  • Analyze and troubleshoot PAM and certificate management system issues, conducting root cause analysis and implementing durable solutions to improve system reliability and security posture.

  • Collaborate with infrastructure, security, DevOps, and application teams to onboard systems into CyberArk and Venafi, ensuring consistent enforcement of privileged access and certificate policies.

  • Monitor PAM and machine identity platforms to ensure performance, availability, and compliance with organizational policies and SOPs. Lead response efforts for critical incidents involving privileged accounts or certificate outages.

  • Provide technical leadership and mentorship to junior engineers, promoting best practices in PAM, automation, and secure design.

  • Drive continuous improvement by researching emerging PAM and machine identity trends, including secrets management, workload identity, and cloud-native privilege models.

  • Develop and maintain documentation including architecture diagrams, onboarding guides, SOPs, and knowledge base articles for PAM and certificate management operations.

Qualifications

  • Proven experience implementing and managing CyberArk Privilege Cloud in an enterprise environment, including vaulting, CPM, PSM, and session management.

  • Hands-on experience with Venafi (or similar certificate lifecycle management platforms) for managing TLS/SSL certificates at scale.

  • Strong understanding of PAM principles, including least privilege, credential management, session monitoring, JIT access, and privileged threat mitigation.

  • Experience working in hybrid environments with Active Directory, Azure AD, and AWS IAM.

  • Proficiency in scripting and automation (e.g., PowerShell, Python) and experience with automation platforms (e.g., Azure Automation, AWS Lambda, CI/CD pipelines).

  • Familiarity with authentication and authorization mechanisms, including Kerberos, LDAP, SAML, OAuth, OpenID Connect, and secrets/token-based authentication.

  • Experience integrating PAM solutions with enterprise systems using REST APIs, secure authentication methods, and service accounts.

  • Strong understanding of TLS/SSL, PKI concepts, certificate authorities, and cryptographic standards.

  • Excellent communication and collaboration skills, with the ability to work across technical and business teams.

  • Ability to lead technical initiatives and deliver results without direct managerial authority.

Preferred Qualifications

  • CyberArk certifications (e.g., CyberArk Defender, Sentry, or Guardian).

  • Experience with DevOps and secrets management tools (e.g., HashiCorp Vault, Kubernetes secrets, Azure Key Vault, AWS Secrets Manager).

  • Familiarity with compliance and regulatory frameworks (e.g., SOX, HIPAA, PCI-DSS, NIST).

  • Experience with cloud-native PAM capabilities (e.g., Azure Privileged Identity Management (PIM), AWS IAM Access Analyzer).

  • Knowledge of containerized and microservices environments and their impact on privileged access and certificate management.

Please note at this time we are unable to proceed with candidates who require visa sponsorship now or in the future.

Location and Workplace Flexibility

We have offices in Atlanta GA, Boston MA, Morristown NJ, Plano TX, St. Louis MO, St. Petersburg FL, and Hyderabad, India. We foster a hybrid and remote friendly culture, and all our employee's work locations are based on the needs of the position and determined by the Leadership team. In-office work and activities, if applicable, vary based on the work and team objectives in accordance with Company policies.

Base Salary Range

$127,000.00 - $160,550.00

At Zelis we are committed to providing fair and equitable compensation packages. The base salary range allows us to make an offer that considers multiple individualized factors, including experience, education, qualifications, as well as job-related and industry-related knowledge and skills, etc. Base pay is just one part of our Total Rewards package, which may also include discretionary bonus plans, commissions, or other incentives depending on the role.

Zelis' full-time associates are eligible for a highly competitive benefits package as well, which demonstrates our commitment to our employees' health, well-being, and financial protection. The US-based benefits include a 401k plan with employer match, flexible paid time off, holidays, parental leaves, life and disability insurance, and health benefits including medical, dental, vision, and prescription drug coverage.

Equal Employment Opportunity
Zelis is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

We welcome applicants from all backgrounds and encourage you to apply even if you don't meet 100% of the qualifications for the role. We believe in the value of diverse perspectives and experiences and are committed to building an inclusive workplace for all.

Accessibility Support
We are dedicated to ensuring our application process is accessible to all candidates. If you are a qualified individual with a disability or a disabled veteran and require a reasonable accommodation with any part of the application and/or interview process, please email TalentAcquisition@zelis.com.

Disclaimer

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities, duties, and skills from time to time.

Applied = 0
MORE JOBS LIKE THIS

(web-bd9584865-kzk4k)