The Privileged Access Management (PAM) developer is accountable for the development and technical support of modern PAM platform and capabilities. This role requires working on development of PAM systems, solutions, continuous improvements, software maintenance, release planning and change management activities. This role requires deep fluency with PAM platforms such as CyberArk Core PAS and extensive knowledge on PAM capabilities for secure vaulting, privileged session management and password management for infrastructure and application accounts. The developer will ensure PAM technical solutions are developed using modern programming and scripting languages such as Python, PowerShell etc. Security principles of "least privilege", "need to know" and "segregation of duties" must be followed by the developer to reduce security risks for WestJet.
Key deliverables/Responsibilities:
Work on design and development activities for privileged access management function by using programming and scripting languages such as python, PowerShell, TCL, AutoIT, CyberArk PACLI etc.
Hands on experience in developing custom connectors and plugins for CyberArk PSM and CPM.
Provide technical support for PAM solutions e.g., CyberArk Privileged Access Security (PAS).
Configure CyberArk safes, policies (master policy, CPM platform policy) access controls and workflows.
Implementation and maintenance of high availability cluster setup for CyberArk Core PAS.
Implementation and maintenance of disaster recovery environment for CyberArk Core PAS.
Deploy various use cases e.g., dual account control, HTML5 gateway etc.
Provide solution and Implement Application Access Manager (AAM) CP, CCP, ASCP and Conjur.
Develop tools to automate operational activities using PowerShell and RESTAPI.
Implement enhancements and enable new functionality for continuous improvement.
Provide operational support for the privileged access management program, acting as the technical escalation point as required.
Technical Support for PAM governance during periodic audit and compliance exercises for CSOX, PCI, GDPR, PIPEDA, etc.
Develop and maintain run documentation for all processes with a focus on self-service.
Identify privileged access management gaps through proactive discovery and partner with application development teams for remediation.
Works with senior professionals/leadership to identify opportunities to develop new PAM processes, tools, and services.
Perform CyberArk infrastructure upgrades for various components like Vaults, PSM, CPM, PVWA etc.
Experience and qualifications:
Typically requires a bachelor's degree and 5+ years of Information Security experience, or and equivalent combination of training and experience.
Privileged access management and Information Security certification (e.g., CyberArk Defender, CyberArk Sentry, CyberArk Guardian, CISSP, ISO 27001) is desired.
Subject matter expertise in PAM design and development using programming and scripting languages such as python, PowerShell, TCL, AutoIT, CyberArk PACLI etc.
Hands on experience in developing custom connectors and plugins for PSM and CPM.
Hands on experience in performing CyberArk version upgrades.
Experienced with development, designing, implementing, and optimizing solutions using the following technologies and concepts:
o Java, JSON, RESTful APIs,
o Python, PowerShell
o TCL, AutoIT, CyberArk PACLI
o SAML/OAuth Authentication
o Active Directory/LDAP
o Kerberos, SAML 2.0, ADFS, OAuth 2.0, OpenID Connect, etc.
o Public and Private Cloud hosted PAM solutions
o Role Based Access Control (RBAC)
Experience integrating large enterprise solutions with a Privileged Access Management solution e.g., CyberArk integration with SailPoint, Splunk etc.
Experience with zero-trust as related to IAM and PAM.
Familiarity with information security processes, procedures, and controls, understanding of industry standards and frameworks e.g., NIST Cyber Security Framework (CSF)
Knowledge of CyberArk Conjur, EPM is desirable.
Knowledge of Secure DevOps pipeline, Agile Scrum is desirable.