Senior CyberArk & RSA Engineer

MatchPoint Solutions
Maryland Heights, United States of America
10 days ago

Role details

Contract type
Temporary to permanent
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 156K

Job location

Remote
Maryland Heights, United States of America

Tech stack

Microsoft Active Directory
Backup Devices
CompTIA Security+
Computer Security
Databases
DevOps
Disaster Recovery
Multi-Factor Authentication
Infrastructure as a Service (IaaS)
Identity and Access Management
Issue Tracking Systems
Networking Hardware
Key Management
Lightweight Directory Access Protocols (LDAP)
Public Key Infrastructure
Powershell
RSA (Cryptosystem)
Security Information and Event Management
Scripting (Bash/Python/Go/Ruby)
Enterprise Software Applications
Cyberark
Sentry
RSA SecurID
REST

Job description

Location: Remote, PST Hours Position Overview We are seeking a Senior CyberArk & RSA Engineer responsible for the implementation, configuration, and ongoing support of our Privileged Access Management (PAM) and Public Key Infrastructure (PKI) environments. This role will focus on securing privileged access, administering PKI services, enforcing identity assurance, and ensuring compliance with security policies in a complex enterprise environment. The ideal candidate will bring deep expertise in CyberArk administration, PKI administration, and RSA authentication solutions - and will play a key role in maturing and expanding these platforms beyond their current capabilities to meet growing enterprise demand. Key Responsibilities CyberArk Responsibilities

  • Serve as CyberArk platform administrator, owning day-to-day operations, architecture decisions, and platform roadmap.
  • Deploy, configure, and maintain CyberArk PAM components (PVWA, CPM, PSM, PSMP, Vault, PTA, AAM/Conjur where applicable).
  • Design and lead expansion initiatives to grow CyberArk's footprint - onboarding new platforms, applications, and use cases beyond current scope (e.g., cloud/IaaS privileged accounts, DevOps secrets management, additional OS/database/network device types).
  • Integrate CyberArk with enterprise systems, applications, and directories (e.g., Active Directory, LDAP, SIEM, ticketing systems).
  • Onboard privileged accounts and manage credentials securely across platforms; develop onboarding standards to accelerate future scaling.
  • Conduct periodic audits, access reviews, and health checks of the CyberArk environment.
  • Monitor privileged access activity, investigate anomalies, and respond to security incidents.
  • Lead upgrades, patches, and platform enhancements, including capacity planning to support environment growth.
  • Create and maintain documentation for configurations, policies, procedures, and architecture diagrams.

PKI Responsibilities

  • Serve as PKI administrator, responsible for the full certificate lifecycle: issuance, renewal, revocation, and key management.
  • Administer and maintain Certificate Authority (CA) and Registration Authority (RA) infrastructure, including root/subordinate CA hierarchies.
  • Perform PKI application operations, including patching, upgrades, and health monitoring of CA servers and related components.
  • Manage certificate templates, enrollment policies, and auto-enrollment configurations (e.g., via AD CS, Group Policy, or equivalent).
  • Support integration of PKI services with enterprise applications, network devices, and endpoints requiring certificate-based authentication.
  • Monitor certificate expiration and revocation status (CRL/OCSP) to prevent service disruptions.
  • Troubleshoot certificate-related issues across platforms and provide root cause analysis.
  • Maintain PKI documentation, including CP/CPS references, key ceremonies, and audit evidence.
  • Support disaster recovery planning and key escrow/backup procedures for PKI infrastructure.

RSA Responsibilities

  • Implement and manage RSA SecurID or RSA Identity Governance and Lifecycle (IGL) for multi-factor authentication and access control.
  • Drive expansion of RSA authentication coverage to additional applications, user populations, and access channels beyond current deployment.
  • Integrate RSA with enterprise systems to enhance secure login and identity assurance.
  • Monitor RSA token deployments, troubleshoot authentication issues, and manage token lifecycle.
  • Collaborate with IAM and security teams to define and enforce authentication policies.
  • Maintain RSA system health, perform updates, and generate reports on authentication metrics and usage.

General Security Responsibilities

  • Collaborate with IT Security, Infrastructure, and Compliance teams to enforce privileged access, PKI, and authentication standards.
  • Assist with internal and external audits related to identity, access, and certificate-based controls.
  • Contribute to the development of IAM and PKI security architecture and roadmaps, including multi-year platform growth plans.
  • Ensure adherence to NERC CIP, SOX, or other relevant regulatory frameworks (especially for EMS environments). Qualifications

Requirements

  • 4+ years of hands-on experience with CyberArk PAM administration, including platform expansion or migration projects.
  • 2+ years of hands-on experience with PKI administration, including CA/RA management and certificate lifecycle operations.
  • 3+ years of experience managing RSA SecurID or RSA IGL solutions.
  • Strong knowledge of privileged access management, PKI, MFA, and identity governance best practices.
  • Experience integrating PAM, PKI, and MFA tools with enterprise applications and systems.
  • Familiarity with EMS or similar environments in the energy/utilities sector is a strong plus.
  • Solid troubleshooting, scripting, and automation skills (e.g., PowerShell, REST APIs).
  • Excellent communication skills and the ability to work effectively across teams. Desired Skills & Certifications (not required, but advantageous)
  • CyberArk Defender / Sentry / Guardian
  • RSA SecurID Certified Administrator / RSA IGL
  • PKI-related certifications (e.g., GIAC GPKI, CompTIA Security+ with PKI focus)
  • CISSP, CISM, or other security-related certifications
  • Experience with HEAT application operations and patching
  • Experience with IP360 operations and patching

Benefits & conditions

  • $115,000-184,000 per year Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy wh…

  • 2 days ago

About the company

MatchPoint Solutions is a fast-growing, young, energetic global IT-Engineering services company with clients across the US. We provide technology solutions to various clients like Uber, Robinhood, Netflix, Airbnb, Google, Sephora, and more! More recently, we have expanded to working internationally in Canada, China, Ireland, UK, Brazil, and India. Through our culture of innovation, we inspire, build, and deliver business results, from idea to outcome. We keep our clients on the cutting edge of the latest technologies and provide solutions by using industry-specific best practices and expertise. We are excited to be continuously expanding our team. If you are interested in this position, please send over your updated resume. We look forward to hearing from you!

Apply for this position