SW Eng - Cloud Technologies_PAM Engineer

Short company description

Euro-Testing Software Solutions is involved in software consulting, having experience of approx. 20 years on the market in Romania and abroad, through specific IT solutions and services offered in the following areas:

• Software Testing (manual testing, testing automation, performance testing, outsourcing, training and certification, etc.)

• Cyber ​​Security

• DevOps/DevSecOps

• Implementation and Customization of Atlassian & OpenText products (MicroFocus) and other niche products/solutions

• AI based Decision Intelligence solutions.

Requirements

Essential Skills & Experience (Must Have)
• Hands on experience with CyberArk Secure Cloud Access (SCA).
• Hands on experience with CyberArk Secure Infrastructure Access (SIA).
• Proven experience delivering cloud based privileged access in Azure and/or AWS.
• Strong understanding of: Web based console access (HTTPS), Ephemeral access models, Credential lifecycle and password rotation
• Experience with approval driven access and governance workflows.

Desirable Experience
• Integration of CyberArk with ServiceNow
• API driven automation (PowerShell, Python)
• Experience with managing database technologies and applications
• Experience with Secrets Rotation Service (SRS)
• Experience in regulated or audit driven environments
• Exposure to GCP environments
• Broader CyberArk PAM SaaS experience

Ideal Candidate Profile
• Senior CyberArk engineer with real world SCA and SIA delivery experience
• Comfortable operating across access models and protocols
• Strong design to build capability
• Able to lead PAM access patterns in complex cloud environments

Responsibilities

We are seeking a highly skilled CyberArk PAM Engineer with hands on experience with CyberArk Identity Security Platform Shared Services (ISPSS), Secure Cloud Access (SCA) and Secure Infrastructure Access (SIA) to build and operate a comprehensive privileged access capability for Public Cloud environments.
A working knowledge of Secrets Rotation Service (SRS) & Secure Web Sessions (SWS) would be beneficial.
A successful candidate will work alongside:
• Network Engineers responsible for establishing connectivity
• Cloud, Identity and Security teams responsible for Public Cloud policy
• System Integration and Vendor partners responsible for delivering a design, best practice recommendations and delivering some elements of the delivery roadmap
To deliver PAM Service Offerings that can be consumed by all Application and Infrastructure Teams. Key deliverables include:
• Use CyberArk SCA to manage Console/Portal and Command Line access to Azure & AWS
• Use CyberArk SIA to manage Zero Standing Privilege RDP and SSH access to virtual machines in Azure & AWS. Managing Database access in Azure & AWS would be beneficial.
This role is accountable for CyberArk configuration, integrations, policy and operational behaviour.

Secure Cloud Access (SCA)
• Build and operate CyberArk Secure Cloud Access (SCA)
• Enable secure, audited cloud console and command line access to: Azure – Azure Portal and cloud-native access paths; AWS – AWS Console and CLI
• Configure: Identity based access, Time bound and approval based access, Session recording and audit controls
• Define and document SCA policy patterns aligned to least privilege and JIT access.
• Onboarding must be highly dynamic, automated wherever possible and self-service where not.

Secure Infrastructure Access (SIA) – Ephemeral Access (ZSP)
• Build and operate CyberArk Secure Infrastructure Access (SIA).
• Enable secure, audited cloud virtual machine access via RDP & SSH to: Azure, AWS
• Use Zero Standing Privilege wherever possible and vaulted credentials where not.
• Configure: Connector Servers, Connector Management Agents, Supporting software, Management Pools and Network IDs
• Onboarding must be highly dynamic, automated wherever possible and self-service where not. This will require working closely with the PAM Developers to define the workflows required for Terraform automation.

Access Policy & Credential Management (SIA) - essential skills
• Define and implement SIA policies, platforms and plugins for: RDP, SSH

Access Policy & Credential Management (SIA) - desirable skills
• Define and implement SIA access policies for: MSSQL, Oracle, PostgreSQL
• Where Vaulted Credentials are used, design and deploy password rotation controls via Secrets Rotation Service for: Windows platforms, Linux platforms
• Create scripts to enable efficient handling of operational activities, e.g. bulk password change API scripts

Identity, Approvals & Governance
• Use CyberArk native approval workflows to control access to privileged accounts in the first instance
• Work closely with the PAM Developers to define workflows required for approval to be provided via ServiceNow to provide access in CyberArk (via CyberArk Flows or other suitable tools).
• Integrate privileged access workflows with ServiceNow for: Approval traceability, Audit evidence
• Support compliance, assurance and audit activities.
• Produce and maintain: Design documentation, Onboarding patterns, Configuration standards, Runbooks and SOPs

Other info

CyberArk Capabilities - Essential:
• CyberArk Identity Security Platform Shared Services (ISPSS)
• Secure Cloud Access (SCA)
• Secure Infrastructure Access (SIA)

CyberArk Capabilities - Preferred:
• Secrets Rotation Service (SRS)
• Secure Web Sessions (SWS)

• Hybrid, 1 day per week at the office (Cluj or Bucharest)
• UK working hours, possible in weekend for implementation
• 2 interviews: tech and project people
• Contract for 6 months with possibility of extension