System engineering and management
- Maintain DEV, ITE, and PROD environments
- Ensure all environments are on the latest stable patches for all layers (application, OS, and Security)
- Ensure all environments are healthy, accessible, and functional
- Plan, build, test, and implement hardware and software refreshes/upgrades, coordinating with appropriate teams
- Partner with vendors as appropriate on issues
Design system/application integrations
- Pilot and evaluate new software/application integrations
- Implement/deliver AOP and Function funded initiatives for myPAM areas
- Identify automation opportunities and gain efficiencies in the myPAM services
- Implement/deliver any assigned PepsiCo special projects (e.g., Workforce reduction)
Account Management
Drive participation in the myPAM onboarding process to ensure privileged accounts are managed appropriately, and password change requests are completed on time
- Development of connectivity required to facilitate password rotations
- Includes the transparent logon methodology
- Gather/Analyze and document requirements for myPAM area for onboarding new platforms/applications across the Enterprise
- Enhance myPAM onboarding and maintenance processes as appropriate
- Develop/Manage processes to keep myPAM onboarding process/lists evergreen for all sensitive and privileged access for platforms/applications in scope
Provide account management and remediation services for methodologies such as but not limited to the following:
- Superuser Account Password Management (SAPM)
- Application Access Management (AAM)
- DAP (Dynamic Application Provider – formerly Conjur)
- Endpoint Protection Manager (EPM)
- SSH Key Management
- Privileged Threat Analytics (PTA)
- Provide support for PepsiCo's RPA (UiPath) Initiative
Audit Controls
- Update/Maintain myPAM audit controls to align with PepsiCo standards
- Create, manage, and maintain quarterly control processes for myPAM area
- Implement and deliver periodic (e.g. Quarterly) controls / processes for myPAM area
- Work with application owners and the Controls team, as needed, to ensure myPAM processes are kept up to date
Qualifications
- 7+ years in Privileged Access Management using CyberArk as an Architect/SME
- 10+ years in Identity & Access Management
- Relevant academic education in Engineering, Computer Science, Information Security, or significant equivalent experience with excellent communication skills and stakeholder management.
Experience with developing, planning, and implementing a large scale enterprise-level CyberArk infrastructure, including but not limited to the following components:
- Enterprise Password Vault (EPV)
- Privileged Session Manager (PSM)
- Password Vault Web Access (PVWA)
- Central Password Manager (CPM)
- Application Access Management (AAM – CP, CCP, and ASCP)
- Dynamic Application Provider (DAP)
- SSH Key Management
- Endpoint Protection Manager (EPM)
- Privileged Threat Analytics (PTA)
Candidates should also have good experience managing privileged accounts in the cloud and knowledge of CIEM.
Knowledge Of The Following Core Concepts
- Principle of least privileged access
- Principle of revocation of rights
- Principle of Just In Time access
Experience With PIM Governance And Compliance, Including The Following
- Performing Privileged Access Reviews
- Compliance Reporting
- Access Control Processes
Experience working with Windows, macOS, and Unix / Linux platforms
Experience working with large-scale, enterprise-level LDAP / Active Directory environments
Experience working with large-scale, enterprise-level SIEM solutions, including but not limited to the following:
Knowledge Of Programming/scripting Disciplines Like The Following
Ability to demonstrate analytical and critical thinking, attention to detail, solution orientation in a fast-paced environment
Good written and oral communication skills in English (other foreign languages are a plus)
A team-focused mentality with the proven ability to work effectively with diverse stakeholders