Bank of America
Bank of America, Washington
Privileged Access Management (PAM) Specialist (Active Directory Architecture experience required)
Bank of America invites you to apply for the Privileged Access Management (PAM) Specialist role.
Job Summary
Join one of the largest financial institutions in the U.S. as a Privileged Access Specialist dedicated to safeguarding the bank’s most critical assets. This role focuses on Active Directory, Microsoft Entra ID, and other Tier 0 infrastructure.
Key Responsibilities
- Secure Tier 0 assets: Implement and enforce privileged access controls for Active Directory, Entra ID, and other Tier 0 systems.
- Attack path mitigation: Use tools like Semperis, BloodHound, and SentinelOne to identify and remediate attack paths, reducing lateral movement risks.
- Automation & scripting: Develop and maintain PowerShell scripts to automate security tasks and enforce compliance.
- Governance & compliance: Ensure adherence to IAM standards, regulatory requirements (NIST, ISO, FFIEC), and internal security policies.
- Risk assessment: Evaluate privileged access risks during technology and business decisions; recommend mitigation strategies.
- Collaboration: Partner with IAM, PAM governance, and infrastructure teams to design and implement secure solutions.
- Continuous improvement: Monitor industry trends and propose enhancements to PAM strategy and tooling.
- Incident response support: Assist in investigations involving privileged accounts and Tier 0 systems.
Required Qualifications
- Strong knowledge of AD architecture, including forests, domains, trees, and trust/FSMO/sites configuration.
- Deep understanding of ACLs and permission models in Active Directory.
- Experience with attack path analysis and tools (BloodHound, SentinelOne, etc.).
- Proficiency in PowerShell scripting for automation and security hardening.
- 5+ years in cybersecurity or identity management focused on privileged access or Active Directory security.
- Expert‑level knowledge of BloodHound, Active Directory and Microsoft Entra ID administration.
- Knowledge of Zero Trust principles, least privilege enforcement, and PAM best practices.
- Experience with authentication protocols (Kerberos, LDAP, SAML, OAuth) and federation technologies.
- Experience with cloud identity security (Azure AD, Entra ID) and hybrid environments.
- Strong risk management mindset and ability to influence stakeholders.
Desired Qualifications
- 3+ years technical experience in attack path analysis.
- 5+ years experience administering Active Directory and Entra.
- Security certifications such as CISSP, CISM, CEH, OSCP, CRTP.
- Experience with PAM vendors and tools (CyberArk, Hashi, BeyondTrust, etc.).
- Familiarity with compliance frameworks (NIST, ISO/IEC, FFIEC).
Additional Information
Shift: 1st shift (United States). Hours per week: 40. Employment type: Full‑time (Mid‑Senior level). Industry: Banking.