Privileged Access Management (PAM) Architect (Remote)
As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.
About the Role:
The Lead PAM Architect will be the technical leader responsible for designing, implementing, and maintaining the comprehensive PAM architecture strategy and systems across the CrowdStrike enterprise and the Falcon platform. This role demands extensive experience in securing privileged access, managing secrets, reducing risk, and ensuring compliance with industry regulations. The ideal candidate will guide implementation teams, mentor junior staff, and collaborate with cross-functional partners to mitigate risks and enhance the organization's security posture.
They will be empowered to make decisions, apply their deep expertise, and have their voice heard. They will be trusted to get the job done and chase our mission without someone looking over their shoulder.
What You’ll Do:
Strategy and Design: Develop and document a comprehensive PAM architecture strategy and roadmap that aligns with organizational objectives, enables users to get work done, and reduces security risk. .
Solution Implementation: Lead the design, development, and deployment of robust PAM solutions, including workload access controls, secrets management, and endpoint privilege management.
Technical Leadership: Act as a subject matter expert (SME) and technical leader for the PAM team, providing guidance, validation, and quality control for implementation and integration efforts.
Platform Management: Leverage expertise in PAM tools such as BeyondTrust Delinea, HashiCorp Vault, as well as custom on premises tools to enhance security measures and streamline access management processes.
Policy and Compliance: Design, implement, and enforce access control policies, standards, and procedures for privileged accounts, ensuring consistent and secure management and compliance with regulatory requirements (e.g., NIST, ISO 27001, PCI DSS, HIPAA, FedRAMP, DoD IL).
Collaboration and Integration: Partner with product engineering, IT operations, security, and compliance teams to ensure seamless integration of PAM solutions with existing systems (e.g., Active Directory, SIEM tools, cloud platforms, microservices).
Risk Management: Conduct regular assessments of PAM controls, analyze complex access control scenarios, and collaborate with business partners to identify and mitigate risks associated with privileged access.
Mentorship and Training: Mentor and coach team members, fostering a culture of continuous learning and professional growth within the organization. Participate in interviewing and hiring technical talent.
Troubleshooting: Lead the testing, troubleshooting, and resolution of complex technical issues across multiple layers to ensure successful deployment and ongoing operation of PAM systems
What You’ll Need:
Experience: 10+ years of experience in the IT industry, with a minimum of 5 years specifically in Privileged Access Management architecture and design.
Technical Expertise: Deep technical understanding of PAM capabilities, controls, and security technologies, including privileged account discovery, session management, JIT and DevOps secret management.
PAM Tools: Hands-on, expert-level experience with enterprise PAM platforms (e.g., CyberArk, Delinea, BeyondTrust).
Identity & Access Management: Expert experience in core IAM technologies (federation, directory services, MFA) and authentication protocols (SAML, OIDC, Kerberos, LDAP).
Cloud Knowledge: Experience with cloud IAM solutions and native architectures (Azure, AWS, OCI, or GCP).
Leadership & Communication: Strong leadership, influencing, and communication skills, with the ability to present complex information to senior leadership and cross-functional teams.
Problem-Solving: Strong analytical and critical thinking skills to analyze complex scenarios and develop appropriate solutions.
Education: A Bachelor's degree in Information Systems, Computer Science, or a related field is typically required; a Master's degree is a plus.
Certifications (Preferred): Relevant certifications such as CISSP, CISM, and PAM-specific certifications can enhance a candidate's profile
Bonus Points:
API security and key management best practices
Certificate lifecycle management and PKI
Infrastructure as Code (Terraform, CloudFormation, ARM templates)
CI/CD pipeline security and secrets injection
Scripting/automation (Python, PowerShell, Bash)
Experience with Cloud-scale, business-critical Linux and/or other Unix-like variant environments
#LI-Remote
#LI-AM1
Benefits of Working at CrowdStrike:
Market leader in compensation and equity awards
Comprehensive physical and mental wellness programs
Competitive vacation and holidays for recharge
Paid parental and adoption leaves
Professional development opportunities for all employees regardless of level or role
Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
Vibrant office culture with world class amenities
Great Place to Work Certified™ across the globe
CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.
CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.
If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.
Find out more about your rights as an applicant.
CrowdStrike participates in the E-Verify program.
Notice of E-Verify Participation
CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $145,000 - $220,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.For detailed information about the U.S. benefits package, please click here.