IDAM Privileged Access Management (PAM) Engineer

POSITION SUMMARY
Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. The Zoetis Tech & Digital (ZTD) Global Technology Risk Management Organization is a key building block of ZTD.

Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.

At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.

The global Identity, Directory & Access Management (IDAM) team defines and enforces policies, executes processes, and enables systems to ensure appropriate access management across Zoetis' digital ecosystem. Key IDAM functions at Zoetis include Identity Governance & Administration (IGA), Directory & Authentication Services, Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Customer Identity & Access Management (CIAM), and Privileged Access Management (PAM), among others.

The IDAM PAM Engineer is responsible for managing Privileged Access Management (PAM) services from both a technology and operational perspective within the Zoetis India Capability Center (ZICC). This Engineer is responsible for designing, implementing, maintaining, and securing systems that control privileged access within the Zoetis digital ecosystem. The goal is to protect sensitive systems and data from internal and external threats by managing how high-level permissions are granted, used, and audited with a focus on maximum uptime and operational efficiency. The engineer must possess deep technical proficiency in key areas while maintaining a broad understanding of related technologies, as well as collaborating with stakeholders across a multitude of technology teams.

POSITION RESPONSIBILITIES
    Percent of Time
•    Maintain, configure, and operate the Privileged Access Management (PAM) platforms and related integrations with a focus on hands-on implementation and technical engineering.
•    Develop, test, and deploy advanced functionalities and integrations to expand PAM coverage to additional and new use cases as opportunities arise.
•    Build, code, and customize functionality to ensure ease-of-use for privileged users.
•    Monitor and optimize system performance, ensuring maximum uptime, scalability, and security of IDAM services.
•    Provide Level 2 (L2) and Level 3 (L3) support for PAM-related issues, troubleshooting complex problems and delivering timely, high-quality user experiences.
•    Participate in shift rotations to deliver 16x5 operations for IDAM services and provide off-hours escalation support for high-priority incidents (P1, P2).
•    Plan, execute, and supervise installations, maintenance, and changes across in-scope IDAM systems and services, utilizing coding and engineering expertise for efficient implementation.
•    Identify opportunities to optimize IDAM solutions, introduce new features, and build compelling business cases to support strategic initiatives.
•    Act as a hands-on technical subject matter expert, offering detailed coding, configuration, and engineering guidance for relevant IDAM programs and initiatives.
•    Ensure compliance with global IDAM policies and processes, as well as relevant regulatory requirements, delivering secure and efficient access to Zoetis information systems for all users.
•    Collaborate closely with technology, infrastructure, platform, and application teams and other stakeholders to maintain data quality and integrity while aligning IDAM services with business objectives.
    100%

ORGANIZATIONAL RELATIONSHIPS

•    Reports directly to ZICC IDAM IGA & PAM Technology Lead, with dotted line to US-based Head of IDAM and IDAM Operations Lead
•    Be part of the global Technology Risk Management organization, which reports to the Chief Information Security Officer (CISO).
•    Collaborate regularly with ZTD application, business partner, and infrastructure teams
•    Interact with external vendors or partners providing software, services, or APIs that require integration with IDAM systems, including establishing requirements, negotiating contracts, and facilitating technical integration.
•    Collaborate with implementation partners responsible for deploying, configuring, or maintaining integrated solutions within Zoetis’ IT landscape.

EDUCATION AND EXPERIENCE 
Education:
•    University Degree in Computer Science or Information Systems is required 
•    MS or advanced security/identity courses or other applicable certifications is desirable, including
o    Certified Information Systems Security Professional (CISSP) 
Experience:
• Minimum 6+ years of experience in Information Systems
• 4+ years of detailed, hands-on experience with PAM
• 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.
• Experience working with global teams across multiple time zones.
• Proven experience in managing medium to large-scale, global IT projects.
• Demonstrated ability to work within diverse technical teams.
• Proven experience in leading technical teams and managing end-to-end solution delivery.
• Strong experience collaborating with Managed Service Providers (MSPs), with a focus on ensuring quality and alignment.

TECHNICAL SKILLS REQUIREMENTS
This is a detailed, hands-on technical and functional role. The ideal candidate will demonstrate proficiency in these areas and provide leadership with respect to specific technologies:

•    Privileged Access Management:
o    Detailed expertise with Delinea Secret Server (or similar password vaulting platforms), including password vaulting, rotation, and managing systems across different subnets or domains using Distributed Engines (DE).
o    Deep expertise with Netwrix SecureONE (or similar platforms) for Just-in-Time Access (JITA), Zero Standing Privilege (ZSP), and privileged access discovery to minimize risks and prevent lateral movement.
o    Experience integrating PAM solutions with Windows, Linux, Databases, Network Devices, etc.
o    Proven experience in architecting PAM solutions to ensure high availability, eliminating single points of failure, and guaranteeing that the solutions will be accessible when needed.
o    Experience securing privileged access to social media and other unmanageable (non-SSO compatible) platforms using tools such as Cerby.
o    Knowledge of and experience with additional PAM platforms is a plus, especially CyberArk and Netwrix Access Manager.
•    Enterprise & Cloud Directories:
o    Proficiency with Microsoft Active Directory (AD), including account and group management and administration.
o    Functional understanding of Microsoft Entra ID (formerly Azure AD), including Conditional Access Policies, Modern Authentication, Single Sign-On (SSO), etc…
o    Proficiency in PowerShell scripting for automation of account provisioning/deprovisioning, troubleshooting, and directory-related tasks.
•    End-User and Technology Team Support:
o    Experience providing or supervising Level 2 (L2) and Level 3 (L3) support for identity and authentication issues for end users and technology teams.
o    Knowledge of troubleshooting authentication failures and collaborating with application teams to resolve availability issues.
o    Familiarity with incident response and root cause analysis for authentication service outages, identity synchronization issues, and cybersecurity events.
o    Experience working with Service Desk, Site Services, and Security Operations teams to enhance IAM support processes.
•    Desirable Skills:
o    Experience with Microsoft Power Apps is a plus, including building or customizing forms and applications to enhance identity-related workflows or integrations.
o    Experience with data analytics and automation tools, such as Alteryx, for streamlining workflows and troubleshooting data-related issues is a plus.
o    Familiarity with data warehousing concepts and the ability to collaborate effectively with teams managing data warehouses to support identity-related processes is a plus.
•    Must be fluent in both written and spoken English, with the ability to communicate effectively across technical and non-technical audiences.

PHYSICAL POSITION REQUIREMENTS 

Availability to work between 1 PM IST to 10 PM IST, ensuring a minimum of 3 hours of daily overlap with the US Eastern Time zone. Flexibility to provide off-hours escalation support for high-priority incidents (P1, P2) as needed.