1-2 days onsite each week
MUST be in NJ, NY, PA Area
Need valid LinkedIn
Possible CTH role
CyberArk SME (full blown security SME) – this is NOT a project manager type position
Job Description
EXPERIENCE IN PAM is a MUST
The CyberArk Solutions Senior Consultant/Engineer will be responsible for leading and planning the design, implementation, engineering, consulting, and training IT resources to manage the Privileged Access Management (PAM) suite within the OIT organization. The individual will act as the CyberArk subject matter expert, reporting to the OIT Identity management (IdM) team and working with the Security Operation Center (SOC), leading teams, providing strategic guidance, and architectural leadership to ensure the security and integrity of critical systems and data.
Scope Of Work Responsibilities
- Technically plan, lead, develop and deploy CyberArk PAM solutions in accordance with industry best practices and organizational requirements.
- Build and design a CyberArk PAM training plan for the identity and access management and SOC teams to help in day-to-day operations.
- Drive planning and execution of the PAM use cases, roadmaps and technology enhancements.
- Prioritize PAM capabilities based on the Client security and business requirements.
- Lead enterprise-wide CyberArk deployments, integrating the PAM suite with multiple platforms and technologies.
- Implement just-in-time and just-enough privilege.
- Work on the CyberArk discovery and audit scanner, which automatically discovers and analyses any privileged and non-privileged accounts in the Active Directory environment and other platforms (Unix/Linux, Database, Azure, Network devices, ServiceNow, DevOps, etc.).
- Develop, engineer and maintain the security architecture for privileged access management across the IT organization and for the Enterprise.
- Create strategies for the management of secrets, password rotation and vaulting, privileged accounts, and session monitoring.
- Collaborate with Client IT, security teams, and business units to understand their needs and incorporate them into the privileged access strategy.
- Configure and maintain CyberArk components including Enterprise Password Vault, Central Policy Manager, Privileged Session Manager, Privilege Elevation and Delegation Management and Application Identity Manager.
- Design, develop and deploy custom solutions to meet specific security requirements using CyberArk APIs and extensibility.
- Partner with IAM (PAM, IGA and AM) core team stakeholders in implementation of processes per the evolving needs of the team and the solutions.
- Develop and document standard operating procedures, system architectures, and configuration guidelines.
- Develop password policies based on the Client’s password policies and best practices.
Required Skills
- Bachelor's degree in Computer Science, Information systems or equivalent work experience in the IT field.
- Work independently, but collaboratively, to meet project objectives.
- Strong experience in administration, configuration and troubleshooting on CyberArk modules: Enterprise Password Vault (EPV), Password Vault Web Access (PVWA), Central Policy Manager (CPM), Privileged Session Manager (PSM), Privileged Session Management Proxy (PSMP), Privileged Threat Analytics (PTA)
- 5 years of experience in PAM solutions with 3+ Years CyberArk experience
- Experience with Windows desktops and servers, RHEL, and Solaris
- Minimum 10 years' experience working in the IT field
- Strong Identity and access management skills (SSO, MFA, SAML, IGA, LDAP, AD, etc.).
- Strong Communication skills.
Preferred Skills
- Experience in Higher Education.
- CyberArk Certification.
- Strong DevOps skills.
25%
Focus Area/Tasks:
- Document architectural/implementation plan
- Document Scope Use cases for 2024
- Document Scope Use cases beyond 2024
- Documenting Procedures and operational cookbooks
Work with the OIT internal resources:
- IdM Business Analyst
- IdM Architect
- SOC lead
50%
Focus Area/Tasks:
Run Discovery Tool
On-boarding OIT RAD enabled services (Servers, workstation, DA, RAD-adm) accounts.
Priority of account types:
- Human
- Shared accounts used by Human
- Service Accounts (this can be dealt with beyond 2024, but need the guidance written up).
On-boarding for Pilot platforms. This is not a production task, but rather building connectors beyond RAD to gain hands-on experience.
- Unix/Linux
- Database
- DevOps (just a guide)
Work with the OIT internal resources:
- OIT support staff
- Delegated OUs
- RAD team
- IT Communication
25%
Focus Area/Tasks:
- Create a Training Plan.
- Training IdM/SOC support team to carry out day-to-day operational work
Work with the OIT internal resources:
- IdM (Access Mgmt and RAD)
- SOC
- ISO (?)