• CyberArk / PAM Engineer [Remote]

    BAE Systems (Falls Church, VA)


    Job Description

    BAE Systems, Inc. is seeking a CyberArk Privileged Access Management (PAM) Engineer to join our Identity Services organization, supporting the Directory Services, Certificate Management, and Privileged Access Management (DCP) team. This role focuses on hands-on engineering and operational support of our CyberArk PAM platform and CyberArk Endpoint Privilege Manager (EPM) for Linux, working alongside other engineers.

     

    The ideal candidate has practical experience supporting CyberArk in production, is comfortable troubleshooting complex issues, and understands how PAM operates within regulated and compliance-driven environments.

    Responsibilities:

    + Support and administer CyberArk PAM components including EPV, CPM, and PSM/PSM-SSH

    + Onboard and maintain privileged accounts for Windows, Linux, service accounts, and applications

    + Support CyberArk vault operations, including clustered vault configurations, health monitoring, and troubleshooting

    + Assist with platform upgrades, patching, and operational testing activities

    + Provide Tier-2 / Tier-3 support for PAM-related incidents and requests

    + Support CyberArk EPM for Linux

    + Support audits and compliance activities by producing required evidence and documentation

    Required Education, Experience, & Skills

    + **Bachelor's Degree and 4 years work experience or equivalent experience**

    + **4 years of experience with IT, including identity access management, privileged access management, and/or security-related behavior monitoring.**

    + 2 years of hands-on experience supporting on-premises CyberArk PAM

    + Working knowledge of Linux operating systems and SSH-based access

    + In-depth knowledge of the various CyberArk architecture components (Vault/EPV, DR Vault, PVWA, PSM, CPM).

    + Experience with CyberArk Rest API and credential provider (CCP/CP) components.

    + Experience with troubleshooting issues with Vault, PVWA, CPM, and PSM component servers (including gathering various CyberArk logs, diagnosing firewall or network-related issues, etc.).

    + Experience working with large teams to understand requirements and translate them into CyberArk safes, platforms, etc.

    + Knowledge of the following areas: Active Directory/LDAP management, PKI, MFA, Identity Governance, SSO.

    + Strong analytical and problem-solving skills, ability to learn new concepts quickly.

    + Self-motivated with excellent interpersonal skills, strong work ethic, highly effective communicator, excellent organizational skills

    Preferred Education, Experience, & Skills

    + 2 years of experience with COTS Identity Access Management tools (e.g. Micro Focus Identity Applications, SailPoint)

    + Experience with CyberArk Endpoint Privilege Manager (EPM) for Linux and/or Windows

    + Experience using ServiceNow for incident/change/request workflows

    + Experience with SIEM tool, preferably Splunk.

    + Experience with technical writing to create process documents, training, and formal documentation for compliance/audits.

    + Experience with Visio to create workflows, architecture drawings, etc.

    + Knowledge of scripting and/or programming languages including PowerShell, JavaScript, and/or Python.

    + Experience developing or customizing PSM and CPM plugins

    + AutoIT experience for PSM plugin development

    + Knowledge of compliance regulations including, but not limited to, CMMC and FedRAMP

    + CyberArk Defender, Sentry, and/or CISSP certification

     

    Pay Information

     

    Full-Time Salary Range: $95106 - $161680

     

    Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.

     

    Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20 hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.

     

    CyberArk / PAM Engineer [REMOTE]

    119581BR

    EEO Career Site Equal Opportunity Employer. Minorities . females . veterans . individuals with disabilities . sexual orientation . gender identity . gender expression