Do you have experience with BeyondTrust Endpoint Security?

Do you have Experience designing and implementing EPM policies, rules, and configurations?

Great! Please read on as we have a job for you

Join a global, product‑led tech company as a Contract Security Engineer focused on Privileged Access and Endpoint Privilege Management. You’ll sit within the central Security / Identity & Access Management (IAM) function and take ownership of deploying and configuring a new BeyondTrust EPM solution across the organization. 

You’ll be part of a small, specialist squad (Security + IT) driving a phased rollout, defining and tuning policies, automating where possible, and helping to establish best practices that will be adopted by IT, business teams, and a large engineering organisation. 

This is an initial 6‑month B2B engagement with a potential for extension.

Your Tasks Will Include: 

• Lead the deployment and configuration of BeyondTrust Endpoint Privilege Management (EPM) across the organization  
• Design, implement, and fine‑tune EPM policies, rules, and configurations for different user groups and environments  
• Work with Security / IAM / IT to plan and execute a phased rollout with early adopters, business teams, and then engineering  
• Collaborate with internal stakeholders to gather feedback on the rollout and adjust policies and settings accordingly  
• Create and maintain documentation which includes configuration guides, runbooks, deployment procedures, and best practices  
• Contribute to testing and validation of EPM policies to minimise user disruption while maintaining strong security controls  
• Identify opportunities to automate deployment, configuration, and ongoing management (e.g. via scripting in PowerShell, Bash, Python, etc.)  
• Monitor progress against agreed project timelines and milestones, escalating risks or blockers when needed  
• Work closely with the wider Identity & Access Management team to align EPM configuration with existing IAM standards and processes  
• Provide knowledge sharing and basic enablement to internal teams on how to work effectively with the new EPM solution  

To be a good fit for the Security Engineer role, you will have:

• Minimum of 1 years experience deploying, configuring, and managing policies with BeyondTrust Endpoint Privilege Management (EPM) in a production environment  
• Good understanding of identity and access management concepts, particularly for human identities and endpoint controls
• Proven ability to design, implement, and tune security policies for different user groups (IT, business users, engineers) while balancing usability and security
• Practical experience working with IT, security, or IAM teams in a corporate environment
• Scripting and/or automation skills in at least one language (e.g. PowerShell, Bash, Python or similar), used to support deployment, configuration, or ongoing management
• Ability to create and maintain clear technical documentation (configuration, runbooks, guidelines, best practices)
• Strong English communication skills, both spoken and written
• Proactive, ownership‑driven working style, able to drive tasks independently once goals and direction are set

Nice to have

• Experience with .NET and full‑stack development (back‑end, front‑end, DevOps) and interest in contributing more broadly to engineering work if the contract is extended
• Experience with Azure and automation around cloud or endpoint tooling
• Approximately 1–2+ years working with similar EPM/PAM solution (One Identity or CyberArk)

What’s in it for you:

• Impact from day one where you’ll own a high‑visibility security project, rolling out a new Endpoint Privilege Management platform that directly improves the organisation’s security posture.  
• Hands‑on work with BeyondTrust EPM, with the freedom to influence how it’s implemented, configured, and operated.  
• Work fully remotely from Poland with a B2B contract, with only occasional in‑person meetings if needed.  
• Work in a small, focused squad with direct access to decision‑makers, minimising bureaucracy and helping you move quickly.  

Sounds interesting?  Send us your CV by applying to this page

The provision of personal data by you is fully voluntary and the basis for their processing is your consent. We have prepared some necessary information, you can find in document: "Information regarding the processing of your personal data". There you will find how your Personal Data is being processed and what your rights are in connection to this.

The personal data will be processed by Sowelo Consulting spółka z ograniczoną odpowiedzialnością with its registered seat in Cracow (LLC) registered in National Court Register (KRS) under no. 0000671136, our Employees and Subcontractors (jointly referred to as the Company).

Sowelo Consulting sp. z o.o. (LLC) is entered in the register of employment agencies under the number: 35288

Our candidate selection process relies entirely on human judgment. We explicitly avoid using automated screening algorithms or AI-driven scoring systems for any part of the assessment. Every single profile is reviewed personally by our experienced recruiters, ensuring a thorough and unbiased consideration of your fit.

IT Recruitment Poland | Executive Search | Recruitment Process Outsourcing