Citigroup Inc.
Privileged Access Management (PAM) Infrastructure Automation Engineer
Citigroup Inc., Irving, Texas, United States, 75084
About Citi
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and, in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well‑rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
About the Team The
Chief Information Security Office (CISO)
is home to deeply talented colleagues that work to ensure the safety of Citi’s clients, revenue, employees and proprietary data. We manage information security as one end‑to‑end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.
Role As a
Privileged Access Management (PAM) Infrastructure Automation Engineer , you will be joining Citi’s Information Security Office, where our Secrets Engineering team holds global responsibilities for designing, architecting, and implementing robust Privileged Access Management (PAM), Identity & Access Management (IAM), and Privileged Identity Management (PIM) solutions. You will be a key contributor to the security posture of the firm, focusing on architectural design, development, and operational excellence. This is a critical and continuously evolving domain within cybersecurity, addressing the core challenges of controlling access and managing the lifecycle of highly privileged accounts and sensitive secrets across the enterprise. As the volume of accounts under management steadily grows, our team is dedicated to meeting these challenges head‑on, ensuring a crucial balance between stringent security requirements and the operational needs of the firm. We are looking for a highly skilled and motivated individual with a deep understanding of secrets and privileged access management. The ideal candidate will possess a strong technical background, excellent communication skills, and a proactive approach to problem‑solving.
Qualifications
6+ years of relevant work experience in
Infrastructure Automation ,
Software Engineering , with a strong focus on
Cybersecurity
or
Secrets Management .
Proficient in
Configuration management
tool
Ansible
is a must; good experience with Chef and Terraform is a big plus.
Hands‑on experience with
RPM
or other
Software Packaging Mechanisms
is required as part of the product rollouts, installation and upgrades.
Demonstrated SME in
Privileged Access Management (PAM)
and
Credential Vaulting
technologies.
Exceptional collaboration skills with a proven ability to influence and work alongside cross‑functional teams on secure design patterns and best practices.
Strong command of
PowerShell ,
T‑SQL ,
SQL ,
PL/SQL ,
Unix Shell Scripting , and
Perl .
Hands‑on experience with
Unix/Linux distributions
and
Windows Operating Systems .
Proficient with the architecture of major database systems such as
Oracle ,
MongoDB , and
Microsoft SQL Server .
Solid understanding of
Encryption Algorithms ,
Public Key Infrastructure (PKI) , and
Active Directory Domain Services .
Solid foundation in
Software Testing principles
and implementing
Test Automation .
Proven experience with DevOps practices, Continuous Integration/Continuous Delivery (CI/CD) pipelines, and Agile methodologies.
Demonstrated experience in optimizing complex workflows and contributing to reporting streams meeting audit and compliance requirements.
Competencies
Highly motivated self‑starter with a proactive and innovative approach to problem‑solving and troubleshooting.
Excellent interpersonal, oral, and written communication skills, with the ability to articulate complex technical concepts clearly.
Well‑versed in Product and Software Development/Engineering Life Cycle (SDLC) processes.
Has the ability to operate with a limited level of direct supervision.
Acts as SME to senior stakeholders and/or other team members.
Aptitude for staying current with, understanding, and adopting beneficial industry trends.
Receptive to collaborating effectively in a global work environment.
Preferred Qualifications
Direct experience with
CyberArk Suite of products , including
PAS (Privileged Account Security) ,
PSM (Privileged Session Manager) , and
AAM (Application Access Manager)
is a plus.
Familiarity with
Security best practices
and
Identity and Access Management (IAM)
concepts within the Secrets Management space is a plus.
Education Bachelor’s Degree in
Computer Science ,
Information Security , related fields, or
equivalent practical work experience .
Benefits In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays.
Location & Salary Primary location: Irving, Texas, United States. Full‑time salary range: $125,760.00 - $188,640.00.
Posting Close Date Jan 05, 2026
EEO Statement Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, view Citi’s Accessibility at Citi. View Citi’s EEO Policy Statement and the Know Your Rights poster.
#J-18808-Ljbffr
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and, in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well‑rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
About the Team The
Chief Information Security Office (CISO)
is home to deeply talented colleagues that work to ensure the safety of Citi’s clients, revenue, employees and proprietary data. We manage information security as one end‑to‑end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.
Role As a
Privileged Access Management (PAM) Infrastructure Automation Engineer , you will be joining Citi’s Information Security Office, where our Secrets Engineering team holds global responsibilities for designing, architecting, and implementing robust Privileged Access Management (PAM), Identity & Access Management (IAM), and Privileged Identity Management (PIM) solutions. You will be a key contributor to the security posture of the firm, focusing on architectural design, development, and operational excellence. This is a critical and continuously evolving domain within cybersecurity, addressing the core challenges of controlling access and managing the lifecycle of highly privileged accounts and sensitive secrets across the enterprise. As the volume of accounts under management steadily grows, our team is dedicated to meeting these challenges head‑on, ensuring a crucial balance between stringent security requirements and the operational needs of the firm. We are looking for a highly skilled and motivated individual with a deep understanding of secrets and privileged access management. The ideal candidate will possess a strong technical background, excellent communication skills, and a proactive approach to problem‑solving.
Qualifications
6+ years of relevant work experience in
Infrastructure Automation ,
Software Engineering , with a strong focus on
Cybersecurity
or
Secrets Management .
Proficient in
Configuration management
tool
Ansible
is a must; good experience with Chef and Terraform is a big plus.
Hands‑on experience with
RPM
or other
Software Packaging Mechanisms
is required as part of the product rollouts, installation and upgrades.
Demonstrated SME in
Privileged Access Management (PAM)
and
Credential Vaulting
technologies.
Exceptional collaboration skills with a proven ability to influence and work alongside cross‑functional teams on secure design patterns and best practices.
Strong command of
PowerShell ,
T‑SQL ,
SQL ,
PL/SQL ,
Unix Shell Scripting , and
Perl .
Hands‑on experience with
Unix/Linux distributions
and
Windows Operating Systems .
Proficient with the architecture of major database systems such as
Oracle ,
MongoDB , and
Microsoft SQL Server .
Solid understanding of
Encryption Algorithms ,
Public Key Infrastructure (PKI) , and
Active Directory Domain Services .
Solid foundation in
Software Testing principles
and implementing
Test Automation .
Proven experience with DevOps practices, Continuous Integration/Continuous Delivery (CI/CD) pipelines, and Agile methodologies.
Demonstrated experience in optimizing complex workflows and contributing to reporting streams meeting audit and compliance requirements.
Competencies
Highly motivated self‑starter with a proactive and innovative approach to problem‑solving and troubleshooting.
Excellent interpersonal, oral, and written communication skills, with the ability to articulate complex technical concepts clearly.
Well‑versed in Product and Software Development/Engineering Life Cycle (SDLC) processes.
Has the ability to operate with a limited level of direct supervision.
Acts as SME to senior stakeholders and/or other team members.
Aptitude for staying current with, understanding, and adopting beneficial industry trends.
Receptive to collaborating effectively in a global work environment.
Preferred Qualifications
Direct experience with
CyberArk Suite of products , including
PAS (Privileged Account Security) ,
PSM (Privileged Session Manager) , and
AAM (Application Access Manager)
is a plus.
Familiarity with
Security best practices
and
Identity and Access Management (IAM)
concepts within the Secrets Management space is a plus.
Education Bachelor’s Degree in
Computer Science ,
Information Security , related fields, or
equivalent practical work experience .
Benefits In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays.
Location & Salary Primary location: Irving, Texas, United States. Full‑time salary range: $125,760.00 - $188,640.00.
Posting Close Date Jan 05, 2026
EEO Statement Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, view Citi’s Accessibility at Citi. View Citi’s EEO Policy Statement and the Know Your Rights poster.
#J-18808-Ljbffr