Senior Security Engineer - PAM CyberArk

Job Description - Senior Security Engineer - PAM CyberArk

• Key contributor to the strategy, design, and management of the enterprise IAM program.
• Establish strategy, architecture, designs and drive the execution of PAM technologies
• Identify the tools and techniques to translate needs and future goals into a plan that will enable secure and effective solutions
• Develop and execute overall project plan and timelines for key deliverables. Define access control, user entitlements, and user access policy management
• Translate high level requirements into detailed technical designs, and lead design sessions
• Build a strong PAM foundation. Design PAM processes to enforce least privilege in a transparent way and identify opportunities for improvements
• Work across functions to improve IAM solutions to enhance compliance requirements and best practices
• Develop documentation to support ongoing PAM solution operations, maintenance and specific problem resolution
• Apply expertise in the installation and configuration of the PAM platform, including conducting routine solution maintenance, monitoring the health of the platform, and conducting daily proactive monitoring
• Proactively identify and resolve challenges and issues that may impair the team's ability to meet strategic, business, and technical goals
• Establish session isolation and controls for privileged identities including Privileged Access Workstations
• Work closely with technology and business stakeholders across organization

• Completion of a High School Degree or equivalent required; Bachelor's Degree preferred or years of equivalent work experience required

• 8+ years' experience designing, implementing and managing Privileged Access Management (PAM) solutions, such as CyberArk, BeyondTrust and Thycotic
• Extensive experience with PAM administration, configuration, implementation and design
• Deep understanding of Disaster Recovery and Business Continuity configurations. Ability to design concepts of technical product components, such as vaults, safes, session managers, key managers, credential providers
• Experience with privileged access controls in Unix, Windows, Linux and Oracle platforms
• Proficient with scripting in JavaScript, Python, PowerShell and / or one or more additional scripting languages
• Experience in performing Privileged Access Reviews, Compliance Reporting, Access Control Processes and other associated tasks with Privileged User Management
• Experience with broader IAM ecosystem of directories, identity management, and access management controls
• A high level of technical ability for diagnosis, troubleshooting and problem analysis with the ability to clearly communicate the results of problem analysis to business stakeholders
• Skilled in Active Directory concepts, including users, computers, groups, policies
• Understanding of Role Based Access Control, SOD and Access Certification
• Experience with Linux and Windows Operating Systems
• Solid understanding of database architecture and concepts
• Knowledge of agile processes and workflows

• Knowledge of SailPoint IdentityIQ (Compliance Manager, Lifecycle Manager, Password Manager, ServiceNow Integration Modules. PAM Integration Module)
• Experience with Access Management Products (Okta/Ping/ForgeRock etc.). Understanding of protocols, services, and traffic flows for authentication
• Experience with Cloud technologies (Google Cloud Platform, Azure or AWS)
• Understanding of cloud computing architecture, technical design and implementations, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) delivery models
• Ability and willingness to develop creative solutions to business problems and work well within a team environment
• Must have good communication and collaboration skills
• Solid diagnostic, testing, and problem-solving skills
• Good organizational and time management skills
• Must be team-oriented and able to collaborate across many participating teams
• Cybersecurity certifications such as CISA, CISSP (optional)