Principal PAM Engineer - Onsite or Remote

Whole Foods Market Austin, TX

About the Job

Whole Foods Market is looking for a talented individual to design and drive implementation of Privileged Access Management (PAM) services and infrastructure. This is a technical role on a team with equally dedicated and passionate engineers supporting our PAM services.

The PAM Engineer will be based with the Global Technology Team in Austin, TX. We are open to consider/discuss remote work from home situations. The internal job title in Principal Identity and Access Engineer.


  • Drive the execution of the next generation of Privileged Access Management (PAM) technologies, including owning the overall roadmap, producing regular status updates, and diving deep to resolve issues as they arise
  • Establish session isolation and controls for privileged identities including Privileged Access Workstations (PAW)
  • Work closely with technology and business stakeholders across Whole Foods Market and associated organizations
  • Lead cross-functionally to accelerate the development and deployment of new security features
  • Proactively identify and resolve challenges and issues that may impair the team’s ability to meet strategic, business, and technical goals
  • Establish PAM strategy, architecture, and designs
  • Securely manage the identity lifecycle, including user authentication and authorization for on-premise and cloud solutions
  • Develop solutions using a cloud first approach within Amazon Web Services (AWS)
  • Lead security projects from initial conception through design, testing and implementation
  • Evaluate vendor solutions to ensure they meet technology and cloud standards, as well as all applicable architecture considerations
  • Take part in an after-hours on-call support rotation to implement solutions, patching, and deployment activities after hours as needed
  • Define and lead the design of programs that support and align with cloud-based online service strategies and engineering requirements for evolving security services, mechanisms, and safeguards
  • Develop metrics that demonstrate the current risk state, indicators of progress, and Identity and Access Management (IAM) business alignment
  • Engage with development teams during operational security reviews, providing leadership and security design guidance
  • Monitor technology and security developments to ensure the company’s security framework follows industry best practices
  • Play a key and influential role working with others; in groups, in cross-functional settings, and with diverse stakeholders internally and externally


  • 5-7+ years designing and managing Privileged Access Management (PAM) solutions, such as CyberArk, BeyondTrust, Thycotic or Lieberman
  • 2+ years of experience leading software development projects with aggressive schedules
  • Experience with Amazon Web Services (AWS) is highly preferred
  • Proven analytical thinking, skills in metrics creation and project management, attention to details, and exceptional organizational skills
  • Knowledge of professional software engineering practices and best practices for the full software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operations
  • Experience leading large security access system upgrades/projects using the Scaled Agile Framework (SAFe)
  • Advanced understanding of standard identity management tools, technologies, and processes
  • B.S. Degree in Computer Science or related IT work experience in a global information technology environment
  • MSCE and CISSP (preferred)

At Whole Foods Market, we provide a fair and equal employment opportunity for all Team Members and candidates regardless of race, color, religion, national origin, gender, pregnancy, sexual orientation, gender identity/expression, age, marital status, disability, or any other legally protected characteristic. Whole Foods Market hires and promotes individuals solely based on qualifications for the position to be filled and business needs.