Senior CyberArk & RSA Engineer
Role details
Job location
Tech stack
Job description
Location: Remote, PST Hours Position Overview We are seeking a Senior CyberArk & RSA Engineer responsible for the implementation, configuration, and ongoing support of our Privileged Access Management (PAM) and Public Key Infrastructure (PKI) environments. This role will focus on securing privileged access, administering PKI services, enforcing identity assurance, and ensuring compliance with security policies in a complex enterprise environment. The ideal candidate will bring deep expertise in CyberArk administration, PKI administration, and RSA authentication solutions - and will play a key role in maturing and expanding these platforms beyond their current capabilities to meet growing enterprise demand. Key Responsibilities CyberArk Responsibilities
- Serve as CyberArk platform administrator, owning day-to-day operations, architecture decisions, and platform roadmap.
- Deploy, configure, and maintain CyberArk PAM components (PVWA, CPM, PSM, PSMP, Vault, PTA, AAM/Conjur where applicable).
- Design and lead expansion initiatives to grow CyberArk's footprint - onboarding new platforms, applications, and use cases beyond current scope (e.g., cloud/IaaS privileged accounts, DevOps secrets management, additional OS/database/network device types).
- Integrate CyberArk with enterprise systems, applications, and directories (e.g., Active Directory, LDAP, SIEM, ticketing systems).
- Onboard privileged accounts and manage credentials securely across platforms; develop onboarding standards to accelerate future scaling.
- Conduct periodic audits, access reviews, and health checks of the CyberArk environment.
- Monitor privileged access activity, investigate anomalies, and respond to security incidents.
- Lead upgrades, patches, and platform enhancements, including capacity planning to support environment growth.
- Create and maintain documentation for configurations, policies, procedures, and architecture diagrams.
PKI Responsibilities
- Serve as PKI administrator, responsible for the full certificate lifecycle: issuance, renewal, revocation, and key management.
- Administer and maintain Certificate Authority (CA) and Registration Authority (RA) infrastructure, including root/subordinate CA hierarchies.
- Perform PKI application operations, including patching, upgrades, and health monitoring of CA servers and related components.
- Manage certificate templates, enrollment policies, and auto-enrollment configurations (e.g., via AD CS, Group Policy, or equivalent).
- Support integration of PKI services with enterprise applications, network devices, and endpoints requiring certificate-based authentication.
- Monitor certificate expiration and revocation status (CRL/OCSP) to prevent service disruptions.
- Troubleshoot certificate-related issues across platforms and provide root cause analysis.
- Maintain PKI documentation, including CP/CPS references, key ceremonies, and audit evidence.
- Support disaster recovery planning and key escrow/backup procedures for PKI infrastructure.
RSA Responsibilities
- Implement and manage RSA SecurID or RSA Identity Governance and Lifecycle (IGL) for multi-factor authentication and access control.
- Drive expansion of RSA authentication coverage to additional applications, user populations, and access channels beyond current deployment.
- Integrate RSA with enterprise systems to enhance secure login and identity assurance.
- Monitor RSA token deployments, troubleshoot authentication issues, and manage token lifecycle.
- Collaborate with IAM and security teams to define and enforce authentication policies.
- Maintain RSA system health, perform updates, and generate reports on authentication metrics and usage.
General Security Responsibilities
- Collaborate with IT Security, Infrastructure, and Compliance teams to enforce privileged access, PKI, and authentication standards.
- Assist with internal and external audits related to identity, access, and certificate-based controls.
- Contribute to the development of IAM and PKI security architecture and roadmaps, including multi-year platform growth plans.
- Ensure adherence to NERC CIP, SOX, or other relevant regulatory frameworks (especially for EMS environments). Qualifications
Requirements
- 4+ years of hands-on experience with CyberArk PAM administration, including platform expansion or migration projects.
- 2+ years of hands-on experience with PKI administration, including CA/RA management and certificate lifecycle operations.
- 3+ years of experience managing RSA SecurID or RSA IGL solutions.
- Strong knowledge of privileged access management, PKI, MFA, and identity governance best practices.
- Experience integrating PAM, PKI, and MFA tools with enterprise applications and systems.
- Familiarity with EMS or similar environments in the energy/utilities sector is a strong plus.
- Solid troubleshooting, scripting, and automation skills (e.g., PowerShell, REST APIs).
- Excellent communication skills and the ability to work effectively across teams. Desired Skills & Certifications (not required, but advantageous)
- CyberArk Defender / Sentry / Guardian
- RSA SecurID Certified Administrator / RSA IGL
- PKI-related certifications (e.g., GIAC GPKI, CompTIA Security+ with PKI focus)
- CISSP, CISM, or other security-related certifications
- Experience with HEAT application operations and patching
- Experience with IP360 operations and patching
Benefits & conditions
-
$115,000-184,000 per year Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy wh…
-
2 days ago