Cyberark & Pki Engineer

Job Description

We are seeking a Public Key Infrastructure (PKI) and CyberArk Engineer to support our enterprise PKI/CyberArk services. You will be responsible for engineering and supporting the enterprise solutions that enable the management and monitoring of these services. Your understanding of distributed systems, cloud computing, and secure development will enable you to analyze, design, develop, and operate the PKI/CyberArk infrastructure at peak efficiency across UMG's diverse global environment. You will be a team player working to expand and mature the integration of our PKI/CyberArk solutions with enterprise applications, dev-ops, implementation, day-to-day administration, and operations teams.

How you'll CREATE:
• Implement/support PKI infrastructure within the organization, including Keyfactor Command platform
• Consult with other members of project team and end users to identify PKI requirements and develop requirements documentation
• Contribute to the technical direction on all areas of PKI architecture, including policies, standards strategies, automation, and governance. Complete documentation as required in support of this.
• Provide guidance to key stakeholders on PKI lifecycle, processes, and procedures.
• Monitoring systems and processes, performing system health checks, maintaining system logs, and troubleshooting of system problems including hardware, application, and operating system related issues
• System/network certificate management
• Management of all certificates and keys, including providing private key recovery and certificate revocation functionality
• Implement certificate-based authentication for both logical and physical access
• Successfully adhere to implementation schedules for system deployments and improvements following defined change control processes
• Ability to brief senior leadership on all PKI related projects and events
• Using your expertise in CyberArk and background in identity and privilege access management, evaluate/update and make recommendation for UMG's CyberArk installation.
• Train others on the features and best practices of CyberArk, creating a secure, sustainable, and highly automated environment that meets UMG's requirements across all on-prem and cloud-based footprints.
• Apply expertise in the configuration of the CyberArk platform, including conducting routine solution maintenance, monitoring the health of the platform, and conducting daily proactive monitoring of the CyberArk production environment.
• Automate processes across the CyberArk products
• Monitor CyberArk and support any break/fix, upgrades, patches, and performance or integration related issues.
• Create automated periodic reports as required, and address any discrepancies found.
• Support critical CyberArk functions, including maintenance, patch identification and publication, and upgrades of CyberArk and related modules.
• Maintain responsibility for privilege user incident management support, user acceptance testing of privilege accounts, load testing, performance testing, and validation testing of the CyberArk solution.
• Maintain & support CyberArk on a daily basis, troubleshooting Vault, CPM, PTA, PSM/PSMP, PVWA, LCD/EPM issues as required.
• Resolution of trouble tickets including password rotations, password malfunctions, account creations, account changes, scheduling.
• Collaborate to define access control, user entitlements, and user access policy management
• Collaborate to develop, execute and be accountable for overall project plan and timelines for key CyberArk program deliverables.
• Work with development teams on integration with UMG's PAM solutions

Bring your VIBE:
• Subject matter expertise for certificates and implementation & operation of PKI, with 5+ years of hands-on use in a global enterprise
• Subject matter expertise for Key Management and Certificate enrollment/revocation processes.
• Fluency in security & encryption terminology
• Problem solving and troubleshooting of complex issues.
• Experience with implementation/administration of Microsoft AD Certificate Services (ADCS)
• Experience managing PKI for end-user devices via MDM (Microsoft Intune, Jamf, etc.)
• Experience implementing certificate management solutions such as Keyfactor Command, Venafi Trust Protection Platform
• Experience with administration of public SSL/TLS certificates (DigiCert, Entrust, etc.)
• Experience preparing detailed architecture, design documents, authoring Certificate Polices and Certification Practice Statements (CP/CPS)
• Holistic view of IAM (Authentication and Authorization Data, Endpoint Security, Network Security, Policy Engine)
• Experience with alphabet soup, including OCSP, Microsoft PKI, EJBCA, SAML, Oauth, SSO, Federation, TLS/SSL, AD, ADFS, LDAP, PKI/PKE VPN encryption frameworks
• 5 - 7 years of professional work experience in a related field such as Public Key Infrastructure, Infrastructure IT (Systems Administration, Network Administration Windows/Linux OS, Network Administration, Active Directory and/or Virtualization).
• CyberArk Expertise (administration, configuration, implementations, designs, and troubleshooting)
• Minimum of 5-7 years directly related experience in CyberArk toolset, including Vault, CPM, PVWA, PSM, and PTA
• Experience in Privileged Account Management with CyberArk PIM Administration
• Extensive experience in implementation and integration of CyberArk's Privileged Identity Management (PIM) Suite
• Advanced experience with script development (PowerShell/Python preferred)
• Experience with PAM tasks – Defining Access Control, User Entitlements, Manage Applications Credentials, User Access Policy Management.
• Able to work with confidential and sensitive information, maintaining confidentiality.
• A high level of technical ability for diagnosis, troubleshooting and problem analysis with the ability to clearly communicate the results of problem analysis to business stakeholders, IT support teams, and network providers to quickly and effectively resolve issues.
• Self-starter/self-directed, able to multitask work and with minimum supervision. 
• Team player with Passion, drive, energy, a sense of humor, and a can-do approach!
• Bachelor's Degree in Computer Science, Engineering, Network Security or related field
• Demonstrated excellent technical writing skills and project/program management experience
• IT Certifications including CyberArk Defender/Sentry, Microsoft Certification specialization in Identity Management, CISSP, AWS, GCP, and ITIL v3 Foundations certifications
• International experience beneficial; multiple language skills a plus

Perks Playlist:
• Be part of an entrepreneurial, global organization that values authenticity, drive, creativity, relationships, and a competitive spirit
• Comprehensive medical, dental, vision, and FSA options, as well as:
• 100% coverage for out-patient mental health services
• Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
• A lifetime fertility support allowance of $30,000 to plan participants
• Student Loan Repayment Assistance and Tuition Reimbursement
• 100% immediately vested 401(k) match on the first 5% of your contribution on eligible compensation
• Variety of ways to prioritize much-needed time away from work including:
• Flexible Paid Time Off (PTO) for exempt employees
• 3-weeks PTO for non-exempt employees


[more...]

Jobcode: Reference SBJ-gpq6v0-3-145-74-54-42 in your application.