PAM Operations - CyberArk Operations L3

Job Description & Summary The Opportunity PwC is looking for an experienced CyberArk operations L3 support engineer, within our Privileged Enterprise Identity and Access Management (PAM) team. This team is part of our IT Services Company, an internal function, that provides support to all PwC firms that comprise the global network of PwC firms. In this role, you will provide hands on Level 3 design, deployment, upgrade and configuration support for CyberArk’s Privileged Access Manager solution. PwC maintains one of the largest deployments of CyberArk’s PAM solution across the globe, in terms of the number of instances deployed including both on-premises and cloud-based deployments. Our PAM team is at the forefront of designing, developing, testing and implementing identity solutions that control and minimize PwC’s attack surface, protect our client’s data and secure our intellectual property. What you will be doing Design, test, deploy, upgrade, configure and operate multiple instances of CyberArk’s Privileged Access Manager solution, hosted on-premises and in the cloud Ability to work in a fast-paced environment with changing and shifting priorities Ability to work non-standard hours including weekends and/or after business hours as required Participates in a shared on-call shift rotation Participate in Program Increment (PI) workshops as part of the Enterprise Identity Agile Release Train (ART) Adheres to operational and service level agreements for the team’s support/assignment queue in ServiceNow Identify and decommission underutilized infrastructure, cloud resources, configurations, policies, etc. Likewise identify where capacity/growth is required to support the service Support the building, migration and replacement of CyberArk component servers (inclusive of Vaults) Configure Vault integration with HSM partitions Joins troubleshooting and major incident calls as required Review system and application logs to identify errors and issues Identify and communicate non-standard or non-compliant configurations Opens and manages support cases on the CyberArk customer portal and bring to resolution Define and configure policies, platforms, safes and onboarded objects/accounts Contribute to and refine high level and detailed design documentation Quality review CyberArk infrastructure components deployments prior to entering service Define and configure monitoring scripts across infrastructure including configuration of alerts in Splunk Conduct and contribute to audits of system configurations and identify gaps for remediation Adheres to ITSM processes (Change, Incident, Problem, etc ) Drafts and edits weekly end-user or service wide impact communications Migrates objects between different instances of CyberArk using established procedures and scripts Configure updated roll-based security models within CyberArk to meet regional compliance requirements Support adoption of an agile “DevOps” approach to CyberArk component and infrastructure deployment Follow appropriate release management practices from Development to Production environments Complete trainings required to operate in PwC operational tools, cloud and DevOps platforms Draft, publish and maintain comprehensive documentation required to design, deploy, configure and operate CyberArk’s PAM solution Draft detailed implementation and backout plans, identify dependencies and coordinate across multiple teams to implement complex changes Meticulously plan changes that minimize or eliminate impact to the CyberArk service Review and understand release notes for CyberArk’s PAM solution Support the remediation of monthly vulnerabilities across CyberArk infrastructure Implement security bulletins provided by CyberArk Supports the patching of physical vault server firmware/drivers and OS Request and replace certificates on CyberArk infrastructure prior to expiration Lead by example and inspire those around you Possess superior organization skills Demonstrate the ability to “manage self” and be independent Be collaborative and a team player Demonstrate strong analysis, critical thinking and problem-solving skills Compare and assess data across different sources and make observations from it Clearly communicate during meetings Articulate your point of view and ideas to improve processes Responsive to emails, chats and requests Escalate issues early before they become problems/blockers Possess clear and concise writing skills Ownership of your “space” (projects, tasks) Demonstrate a natural curiosity to understand PwC technologies and processes and resolve issues Makes a best effort to search for and use all available resources (i.e. knowledge bases, wikis, other staff) at your disposal Inspects and delivers quality work Has a willingness to share lessons learned and share knowledge across the team Builds upon expertise towards advancing the team’s goals and mission Differentiates themself within the team by establishing a “brand” and is seen as dependable and trustworthy Delivers sustained impacted and value Onboards and mentors new team members Provides and requests feedback in real time What we need from you Experience in deploying, upgrading, configuring, operating, administering and maintaining CyberArk’s Privileged Access Manager solution (full suite) University bachelor's degree 4+ years combined experience in designing, deploying, upgrading, configuring, operating, administering and maintaining CyberArk’s Privileged Access Manager solution Experience in configuring logon sequences, CPM plug-ins and PSM connection components Possesses a superior attention to details Possesses interpersonal skills (has an ability to interact and work with customers directly) Experience in using the CyberArk API, PACLI, Export Vault Data utility, Reports, community developed PASReporter tool and psPAS (PowerShell Module for the API) Understands authentication and authorization concepts including LDAP, MFA, Active Directory, SAML and RADIUS Understands Microsoft Active Directory, groups, group policy objects and service accounts Understands identity and access management (IdAM) concepts (i.e. identity system of truth, user provisioning, accounts, entitlements, roles, access certifications, segregation of duties) Knowledgeable of the Network OSI Layers Knowledge of DNS Knowledge of Firewall policies Understanding of Load Balancing and/or Traffic management Understanding of Certificates Experience with Microsoft Windows Server OS and using diagnostic tools (process monitor, event viewer, debug) to troubleshoot Experience with Microsoft IIS Knowledgeable of SMTP Knowledgeable of NTP Knowledgeable of Syslog Familiar with ITIL concepts (i.e. incident, request, change, problem, configuration items) We appreciate the interest shown by all candidates. However, we wish to advise that only suitable candidates will be contacted.