Logo
ITmPowered

Sr. CyberArk Administrator (BHJOB22048_724)

ITmPowered, Denver, Colorado, United States, 80285


CyberArk Administrator– ITmPowered Consulting

The CyberArk Security Administrator position will support the Medical Device Cybersecurity program mission of risk reduction. Provide CyberArk Engineering expertise for the program buildout and enterprise expansion of CyberArk plugins across the medical device landscape. Drive CyberArk plugin Engineering solutions for numerous medical device types (with multiple versions in each). Gather and document CyberArk requirements for an array of medical device types. Translate those requirements to CyberArk for design and engineering. Test CyberArk plugins on an array of medical device types in QA and integration environments. Engineer CyberArk solutions and document CyberArk runbooks for broad Engineering adoption and support enterprise wide.

Key Responsibilities:

Work with key stakeholders to extend the CyberArk solution to integrate with medical device types.

CyberArk Engineering, installation and configuration of CyberArk plugins aligned to Medical Device scenarios.

Gather CyberArk Plugin requirements for 60 medical device types (with multiple versions in each)

Work with Medical Device Cybersecurity, IAM and Security Engineers, Infrastructure Teams, Network Security Engineers to ensure CyberArk and CyberArk plugins are developed, installed, tested, and configured correctly.

Design, engineer, and upgrade and customize CyberArk CPM and PSM plugins and connectors.

Creating and managing CyberArk Platforms, Policies and Safes

Plugin testing and validation with vendor created plugins.

Integrate Splunk with CyberArk to monitor Vault, PSM, CPM logs.

CyberArk Engineering support for the Medical Device Cybersecurity program across the CyberArk PAS solution, including the Enterprise Password Vault (EPV), Central Policy Manager (CPM), Password Vault Web Access (PVWA), Privileged Session Manager (PSM) and Privileged Session Manager Proxy (PSMP)

May include necessary configuration of the Application Identity Manager (AIM) including the Central Provider (CP) and Application Service Credential Provider (ASCP)

Configure CyberArk Enterprise Password Vault, Password Vault Web Access (PVWA), PrivateArk Client, Endpoint Privilege Manager (EPM), Central Password Manager (CPM), Privileged Session Manager (PSM)

Responsible for Privileged User account engineering for various platforms; Windows, UNIX, LDAP, Databases

Integrating service accounts through the AIM solution & integrating various platforms such as different LDAP providers, Windows servers, UNIX servers, Databases, networking, and medical Devices with CyberArk.

Run Entitlement and Safe-specific filtered Reports from the PVWA and Private Ark Client.

Scripting of CyberArk management through PowerShell via APIs

Engineering Custom API build for CyberArk AIM Client

Create Shell scripts to bulk create safes and automate permissions to user accounts, AD groups, and Safes.

Write PowerShell scripts to perform health check of the Vault.

REQUIRED SKILLS AND EXPERIENCE:

Extensive CyberArk experience includes engineering, installation, configuration, architecture and design of CyberArk (PVWA, PSM, CPM, AIM/AAM, PSMP, PTA, Vault & DR) PAM Solution.

CyberArk Engineering of CPM plugins and PSM Connectors using Plugin Generator Utility, CPM, PSM, CLI.

Experience with requirements, processes, procedures, and deployment of custom CyberArk plugins.

Proficient in CyberArk CPM/PSM plugin’s

Experience in creating custom connections for non-standard devices.

Experience with creating custom PSM or CPM connectors (via AutoIt, CyberArk Plugin Generator Utility, etc.)

Experience working with large teams to understand requirements and translate them into safes &platforms.

Experience with SIEM tool, preferably Splunk

Knowledge of; Active Directory/LDAP management, JDBC, PKI, MFA, PAM, Identity Governance, SSO

In-depth knowledge of the various CyberArk architecture components (Vault, DR Vault, PVWA, PSM, CPM) Experience with CyberArk Rest API for ad-hoc operational tasks and/or developing tools/integrations Experience with troubleshooting issues with Vault, PVWA, CPM, and PSM component servers (including gathering various CyberArk logs, diagnosing firewall or network-related issues, etc.).

Knowledge of scripting languages including PowerShell, Bash, Python, JavaScript, Perl

CyberArk Certifications; CyberArk Certified Delivery Engineer (CDE) Defender, Sentry, or Guardian.

Knowledge or experience with Active Directory, LDAP, DB, network devices

Working knowledge of CyberArk Privileged Access Security, Windows Server, Cloud Environment, Active Directory, PowerShell

Windows and Linux system administration

Experience with Agile / SCRUM methodologies – backlog grooming, stories, storypoint estimation, Standups, burndowns, velocity and related tools – JIRA, Confluence, etc.

Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms.

The Perks:

Comprehensive medical, dental and vision plans for you and your dependents

401(k) Retirement Plan with Employer Match

Competitive Compensation

Collaborative and cool culture

Work-life balance

Logistics:

Local Denver resources only. No relocation provided.

Will be remote primarily but must be able to come into DTC office periodically after COVID Abates.

No sub vendors. No sponsorship available.

#J-18808-Ljbffr