Beschreibung
Analyst - Engineer (CyberArk/Avecto)
Our client, an international IT company, is currently looking for experienced Analyst - Engineer with CyberArk/Avecto experience for a contract role based in Zurich.
An initial pilot is focussing on managing Windows Enterprise & Domain Administrative accounts. In parallel, analysis is ongoing for future capabilities beyond the pilot, including:
- Integrating additional platforms with CyberArk, VMware ESXi, Service Processors, Middleware and Databases
- Integrating Windows member server access with both CyberArk and OPM For Windows (a.k.a. Avecto Privilege Guard)
- Integrating CyberArk with the wider eco-system in CLIENT'S, including identity management, policy management, inventory management, ticketing systems and security logging and monitoring
A CyberArk and/or Avecto analyst/engineer is required to assist in the ongoing design and engineering of the CyberArk solution and onboarding of platforms to that solution.
Their primary requirements and responsibilities will be:
- Understand the strategy for infrastructure privileged access control in CLIENT'S, and the drivers in terms of risk and regulatory control
- Liaise with the system architect to understand the CLIENT'S target architecture for infrastructure privileged access and the high-level requirements for the privileged access management solution
- Understand CLIENT'S processes and tools that are part of the "eco-system" within which the solutions must operate, including entitlements management and review, inventory, problem ticketing, change management, security logging and monitoring, as well as various Legacy privileged session management solutions that are in use
- Have a strong knowledge of the CyberArk privileged session management product and/or Avecto Privilege Guard products
- Work with the architect to determine how the requirements can be met using the solutions, using for example using CyberArk's rules, policies, workflow features and integration points, based on standard and re-usable templates
- Engineer CyberArk and/or Avecto components, and other related components, working initially alongside CyberArk professional services, and then later in a self-contained team
- Help design and implement custom enhancements and components that augment CyberArk functionality. For example, this could include components that take data feeds from various eco-system components (such as platform, inventory, and entitlements management systems) and use the CyberArk API to provision the appropriate configuration into CyberArk in a controlled, automated and repeatable manner. This may involve some development work using a Scripting language (such as PowerShell or Perl).
- Once the pilot goes live, be part of an engineering team who can provide third-level support for the running services. At the same time, continue doing analysis and engineering work for new platforms that will be onboarded to CyberArk.
- Design and implement solutions to address requirements relating to the management of privileged entitlements, authentication of privileged users, break-glass workflows, operational issues, availability and timeliness of the solution, monitoring and logging of privileged activities, platform life cycle events such as the creating or decommissioning target Servers and their impact on privileged accounts, retention of audit data, and regulatory constraints around the locations of privileged users and target systems.
- Help the Business Analyst to perform current state analysis of the infrastructure platforms on which privileged access needs to be managed. Liaise with owners of the platforms (engineering and service delivery) to determine existing processes and tools. Analyse platform diversity, including regional, jurisdictional, business area, team, platform build and tool diversity, and identify gaps in the current state which need to be addressed in order to manage privileged access in conformance with the strategy. Analyse how/whether CyberArk can fill those gaps and whether changes in process are also required.
- Specify changes required by platform teams for their platforms to be onboarded to CyberArk/Avecto. For example, the platform team may need to update staging scripts that build new Servers to ensure that any privileged accounts on those Servers are onboarded to CyberArk.
Required skills include the following:
- Fluent in English
- Strong technical IT background
- Strong understanding of IT security, risk management, identity and access management, and privileged access management
- Knowledge of high availability and business continuity requirements of enterprise systems
- Able and willing to learn the processes, systems and tools used in a large complex and organisation, including a varied and extensive landscape of Legacy systems
- Strong analysis skills from an IT perspective
- Able to articulate complex problems and solutions in an engaging and understandable manner
- Hands-on engineering experience with CyberArk, including Safe design, CPM and PVWA policy design in PIM/PSM version 7.x, and/or the OPM for Windows/Avecto Privilege Guard solution
- Knowledge of CyberArk Disaster Recovery and Backup strategies
- Some experience with programming, especially using Scripting languages eg PowerShell or Perl
Desired skills include the following:
- Experience in the use of CyberArk PACLI to automate tasks related to user and safe management
- Experience using LDAP
- Knowledge of Single Sign On Systems, SIEM systems, ticketing systems such as ServiceNow, enterprise monitoring and alerting using SNMP
- Knowledge of regulatory issues facing large financial organisations
- Understanding of Windows RDP
Apply today to secure your chances for this interesting opportunity!
Please send your English CV, reference letters and certificates to Ms. Tora Adamsson or if you should have any questions, please don't hesitate to call her.
Experis is Europe's leading IT&T recruitment agency with over 100 offices worldwide.