Security Engineer - Privileged Access Management & PKI
Pleasanton, CA

Job Description

As a part of our technology organization, you will have the opportunity to build next generation solutions that will transform the way our customers interact with our family of iconic brands. Our team employs a DevOps model, allowing our product teams to have full ownership of design, build and operate with immense scale. From distributed computing, to artificial intelligence, mobile, big data and cloud computing, you will have the opportunity to build a career that allows you to make an impact all while learning new technical and leadership skills. We are inspired by new challenges and push ourselves to create what's next in this dynamic industry. Come join this diverse team and grow with us.

GapTech InfoSec is looking to hire a Security Engineer (PAM/PKI) to expand its Secrets & Certificate Management Program. The PAM/PKI Engineer will be joining the Identity and Access Management group and will design, develop, implement, support and build user adoption for the Secrets/Certificate Management program. This position provides a great opportunity for a mid-level engineer to be part of a team of experienced engineers in a fast paced, dynamic environment and hone their skills in one of the hottest areas within Information Security.

* The PAM/PKI Engineer is expected to design software solutions independently and as part of a team. Typical solutions consist of customizable COTS products, custom developed modules and integrations with existing systems.


* The PAM/PKI Engineer should be able to design solutions that would meet the functional, performance, security and operational requirements of the solution.


* The PAM/PKI Engineer is expected to work with product vendors, architects and/or Security SMEs to apply best practices and organizational security requirements in to the design of the solution.


* The PAM/PKI Engineer will proactively identify areas of improvement or enhancements of the solution.


* The PAM/PKI Engineer is expected to be hands-on and build technical solutions that would include installing pre-packaged software, configuring COTS solutions or coding custom solutions. Though the position is not a developer position, development experience is helpful.


* The PAM/PKI Engineer is expected to configure/develop integrations with a variety of end points including Windows, Mac, Linux Servers/Workstations, Network devices, mobile devices and Cloud IaaS/PaaS/SaaS systems.


* The PAM/PKI Engineer is expected to manage implementation efforts including change management, coordination with infrastructure teams, orchestration of the implementation plan and implementation related communications.


* The PAM/PKI Engineer is expected to perform impact analysis for new implementations.


* The PAM/PKI Engineer is expected to perform administration of the PAM/PKI solutions and underlying infrastructure components.


* The PAM/PKI Engineer is expected to perform regular maintenance of the solution including product upgrades and patching underlying infrastructure.


* The PAM/PKI Engineer is expected to report Key Performance Indicators (KPIs) of the PAM/PKI solution on a periodic basis.


* The PAM/PKI Engineer is expected to be responsible for monitoring and maintaining slated SLAs of the PAM/PKI systems, with assistance from supporting teams.


* The PAM/PKI Engineer is expected to troubleshoot issues, perform Root Cause Analysis (RCA) and provide guidance to other supporting teams.


* The PAM/PKI Engineer is expected to handle escalations from other supporting teams for end user support and enhancement requests.


* 8 years of experience as a Security Engineer working on Secrets Management/Privileged Access Management Solutions - Thycotic Secret Server, BeyondTrust, CyberArk, Centrify or other PAM solutions


* 2 years of experience working with DevOps secrets management tools like HashiCorp Vault, Conjur, Chef Vault.
* 3 years of experience working with REST APIs.


* 3 years of experience working in Identity & Access Management and familiarity with IAM Tools and Processes.


* 2 years of experience working with Cloud IaaS/Paas, preferably Azure and O


* Hands-on expert level experience in a PAM solution like CyberArk, Thycotic Secret Server, BeyondTrust, Centrify etc


* Extensive knowledge of Active Directory, LDAP and directory services


* Experience with IAM Technology/Tools - IDM, MFA, SSO


* Cloud Experience - Azure and OCI


* Development experience - Java, .Net or Server Side JS


* CLI/Scripting - Windows/UNIX commands and Powershell/Bash or Python


* Experience with SIEM tools - Splunk preferred. Ability to detect anomalies and threats.


* Encryption Keys/ SSH Keys/ Key Rotation


* Ability to deliver results with minimal guidance


* Ability to communicate ideas effectively to team members


* Ability to multi task, change focus based on prioritization, work in a high-pressure, fast-moving environment


* Good written and verbal communication skills.


* Ability to influence the strategy in the PAM/PKI space by consistently comparing current processes with regulatory requirements and current industry best practices


* Bachelor degree in Computer Science/engineering or equivalent
* Security certifications: CISSP, CISM, CISA, CEH, etc. preferred