Security Engineering - PAM - Secrets

SALARY: $150K - $160K plus 15% bonus

LOCATION: CHICAGO

Secrets and privileged access management hardware security modules HSMs integrating secrets management PKI sessions management python ansible terraform and YAML HSMS MS PKI Hashicorp vault CyberArk AIM PSMP PVWA CPM vault leveraging APIs cryptographic operations

As a member of the Secrets and Privileged Access Management team you are responsible for applying skills and knowledge to perform functions for Privileged Access and Secrets Management solutions, Hardware security modules (HSMs), and encryption practices. You must ensure to take a security first approach when deploying or integrating Secrets Management, PKI, Sessions Management, or authentication integrations under the team's purview using agile methodology.

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

• Design, document, deploy, and support PAM solutions supporting vaulting, session management, hardcoded credential removal, and support integrations with PAM solution for secure secrets management supporting app-to-app communication.
• Design, document, develop, and support PAM integrations to support automated password rotations and establishing secure sessions through jump host solution.
• Design, document, implement, and maintain our Certificate Authority PKI infrastructure.
• Ensure certificates are correctly issued, renewed, and revoked as necessary.
• Implement and manage certificate templates and revocation configurations.
• Implement, configure, and maintain HSMs to support PKI operations.
• Work with vendors to ensure systems are patched and up to date.
• Address and troubleshoot issues related to PAM, PKI, and HSM solutions.
• Implement and manage encryption tools and software.
• Ensure team solutions are monitored following best practice.
• Proficient in using Scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation.
• Track and execute work following agile best practices with self-motivation to bring a task from ideation to implementation.
• Ability to operate in a highly regulated complex operational environment and collaborate with internal SMEs required to maintain and mature the PAM program.
• Document, review, and update run books supporting Secrets and Privileged Access Management solutions.
• Develop and maintain encryption standards, practices, and solutions.
• Develop and maintain documentation related to PAM policies, procedures, and configurations.

Qualifications:

• Experience with enterprise PAM tools and technologies such as various CyberArk and HashiVault components and underlying infrastructure supporting those technologies.
• Experience with various integration techniques for Secrets Management and Privileged Management to target systems such as databases, directories, and applications.
• Experience with Microsoft certificate authority PKI infrastructure.
• Experience with hardware security modules (HSMs).
• Experience with Python, Ansible, Terraform, and YAML packages.
• Requires in-depth knowledge of PAM and Secrets Management best practices.
• Requires in-depth knowledge of encryption algorithms, protocols, and best practices.
• Working knowledge of system monitoring techniques and tooling.
• Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines.
• 5+ years of experience with PAM tools and technologies.
• 3+ years of experience in PKI infrastructure including Microsoft Certificate Authority.
• Bachelor's degree in computer science, Information Technology, or related field.

Technical Skills:

• Hands on deployment, management, and troubleshooting experience with HSMs, MS PKI, HashiCorp Vault, and all CyberArk components (AIM, PSM/P, PVWA, CPM, VAULT).
• Hands on experience leveraging APIs.
• Knowledge of cryptographic operations, secure key storage, and key life cycle management with HSM and encryption tools.
• Knowledge of end-to-end encryption, data at rest, and data in transit protection methodologies.
• Ability to interpret logs and events related to PKI, HSMs, encryption, and PAM activities.

Education and/or Experience:

• 5+ years of experience with security engineering activities and testing.
• 5+ years of experience with privileged access management platforms.
• 3+ years of experience with HSM, PKI, Microsoft Certificate Authority.
• 2+ years of experience with DevOps/DevSecOps (eg, GitOps, Version Control, RESTful APIs)
• 2+ years of experience with cloud architecture and deployments.

Certificates or Licenses:

• CyberArk Defender, Sentry, or Guardian
• HashiCorp Certified: Terraform Associate
• HashiCorp Certified: Vault Associate
• Certification Information Systems Security Professional (CISSP)
• AWS Certified Security Specialty
• CompTIA Security+
• Microsoft Certified: Security Engineer Associate