Overview Overview:
This position will be responsible for engineering and maintenance of PepsiCo Privileged Access solution by keeping upgrades and patches current, troubleshooting and resolving issues with the associated tools, support, implementation, and design authentication systems. This Infrastructure team member will work closely with many different teams and customers to ensure all aspects of privileged accesses are maintained to existing standards.
Responsibilities Responsibilities:
System engineering and management:
- Maintain DEV, ITE, and PROD environments
- Ensure all environments are on the latest stable patches for all layers (application, OS, and Security)
- Ensure all environments are healthy, accessible, and functional
- Plan, build, test, implement hardware and software refreshes/upgrades coordinating with appropriate teams
- Partner with vendors as appropriate on issues
Design system/application integrations:
- Pilot and evaluate new software/application integrations
- Implement/deliver AOP and Function funded initiatives for myPAM areas
- Identify automation opportunities and gain efficiencies in the myPAM services
- Implement/deliver any assigned PepsiCo special projects (e.g., Workforce reduction)
- Account Management
Drive participation in the myPAM onboarding process to ensure privileged accounts are managed appropriately, and password change requests are completed on time:
- Development of connectivity required to facilitate password rotations
- Includes the transparent logon methodology
- Gather/Analyze and document requirements for myPAM area for onboarding new platforms/applications across the Enterprise
- Enhance myPAM onboarding and maintenance processes as appropriate
- Develop/Manage processes to keep myPAM onboarding process/lists evergreen for all sensitive and privileged access for platforms/applications in scope
Provide account management and remediation services for methodologies such as but not limited to the following:
- Superuser Account Password Management (SAPM)
- Application Access Management (AAM)
- DAP (Dynamic Application Provider formerly Conjur)
- Endpoint Protection Manager (EPM)
- SSH Key Management
- Privileged Threat Analytics (PTA)
- Provide support for PepsiCo s RPA (UiPath) Initiative
Audit Controls:
- Update/Maintain myPAM audit controls to align with PepsiCo standards
- Create, manage, maintain quarterly control processes for myPAM area
- Implement and deliver periodic (e.g. Quarterly) controls / processes for myPAM area
- Work with application owners, Controls team, as needed, and ensure myPAM processes are kept up to date
Qualifications Preferred Qualifications:
7+ years in Privileged Access Management using CyberArk as an Architect/SME
9 + years in Identity Access Management
Relevant academic education in Engineering, Computer Science, Information Security
or significant equivalent experience with excellent communication skills and stakeholder management.
Experience with developing, planning, and implementing a large scale enterprise-level CyberArk infrastructure, including but not limited to the following components:
o Enterprise Password Vault (EPV)
o Privileged Session Manager (PSM)
o Password Vault Web Access (PVWA)
o Central Password Manager (CPM)
o Application Access Management (AAM CP, CCP, and ASCP)
o Dynamic Application Provider (DAP)
o SSH Key Management
o Endpoint Protection Manager (EPM)
o Privileged Threat Analytics (PTA)
Also, should have good experience in managing the privileged accounts in the cloud. Should have knowledge of CIEM.
Knowledge of the following core concepts:
o Principle of least privileged access
o Principle of revocation of rights
o Principle of Just In Time access
Experience with PIM governance and compliance, including the following:
o Performing Privileged Access Reviews
o Compliance Reporting
o Access Control Processes
Experience working with Windows, macOS, and Unix / Linux platforms
Experience working with large-scale, enterprise-level LDAP / Active Directory environments
Experience working with large-scale, enterprise-level SIEM solutions, including but not limited to the following:
o Splunk
Knowledge of programming/scripting disciplines like the following:
o PowerShell
o Java
o .Net
- Ability to demonstrate analytical and critical thinking, attention to detail, solution orientation in a fast-paced environment
- Good written and oral communication skills in English (other foreign languages well seen)
- A team-focused mentality with the proven ability to work effectively with diverse stakeholders
,qualifications:
Preferred Qualifications:
7+ years in Privileged Access Management using CyberArk as an Architect/SME
9 + years in Identity Access Management
Relevant academic education in Engineering, Computer Science, Information Security
or significant equivalent experience with excellent communication skills and stakeholder management.
Experience with developing, planning, and implementing a large scale enterprise-level CyberArk infrastructure, including but not limited to the following components:
o Enterprise Password Vault (EPV)
o Privileged Session Manager (PSM)
o Password Vault Web Access (PVWA)
o Central Password Manager (CPM)
o Application Access Management (AAM CP, CCP, and ASCP)
o Dynamic Application Provider (DAP)
o SSH Key Management
o Endpoint Protection Manager (EPM)
o Privileged Threat Analytics (PTA)
Also, should have good experience in managing the privileged accounts in the cloud. Should have knowledge of CIEM.
Knowledge of the following core concepts:
o Principle of least privileged access
o Principle of revocation of rights
o Principle of Just In Time access
Experience with PIM governance and compliance, including the following:
o Performing Privileged Access Reviews
o Compliance Reporting
o Access Control Processes
Experience working with Windows, macOS, and Unix / Linux platforms
Experience working with large-scale, enterprise-level LDAP / Active Directory environments
Experience working with large-scale, enterprise-level SIEM solutions, including but not limited to the following:
o Splunk
Knowledge of programming/scripting disciplines like the following:
o PowerShell
o Java
o .Net
