Cyber SDC - Privileged Access Management - Senior

Cyber SDC - Privileged Access Management - Senior

Location:

Anywhere in Country.

In an ever‑evolving IT landscape, EY stands as a beacon of trust for clients across diverse industries seeking reliable solutions to address their intricate risks and vulnerabilities. As a key member of the Identity and Access Management (IAM) team, you will help clients comprehend and navigate complex Enterprise Identity environments, evaluating, enhancing, and devising innovative solutions, processes, and policies to meet unique IAM requirements.

This role blends technical expertise and business acumen to drive EY’s mission and make a significant impact on global cybersecurity.

• Support the development of privilege and secret access management controls (Cyber Ark, Beyond Trust, Hashi Corp, and Delinea solutions).
• Assist in the design and implementation of privileged access and secret management solutions.
• Participate in requirement gathering and definition of use cases at the enterprise level for privilege and secret management.
• Configure and optimize discovery tools for privilege accounts, services, SSH keys, and tasks (Cyber Ark, Hashi Corp, Delinea, Beyond Trust), including auto‑detection and auto‑onboarding.
• Support onboarding of target systems such as Windows, Linux, and Unix accounts, databases (Oracle, MS SQL, Redis cache), and integration of Dev Ops solutions (Ansible, Puppet, Jenkins, Kubernetes, Open Shift, Git Hub, Git Lab, Docker).
• Demonstrate knowledge of modern cloud vaults such as AWS Secret Manager and Azure Key Vault.
• Assist in defining and implementing vaulting, rotation, and heartbeat policies for human and non‑human identities; enable SSH key and password rotation, check‑out/check‑in, dual control, and break‑glass.
• Participate in the self‑service design and implementation of privilege or secrets life‑cycle management using enterprise identity governance solutions (creation, management, certification, deletion).
• Contribute to the development and establishment of governance processes for non‑human identity management.
• Support the development of policies for endpoint management solutions including Windows workstations, Mac OS, Linux, and Unix servers.

• Proven experience in integrating, deploying, and configuring PAM and Secret Management technologies, with a strong focus on Cyber Ark (vault, privilege cloud, secure, infrastructure, Endpoint Access Management, and Conjur) and familiarity with other IAM solutions like Saviynt, SailPoint, Entra.
• In‑depth knowledge of privilege access management frameworks and the ability to offer guidance on their integration into existing applications.
• Practical expertise in developing Cyber Ark technology tech stack, Hashi Corp Vault, Beyond Trust, and Delinea experience.
• Proficiency in implementing, managing, and maintaining enterprise‑level privilege access management and secret management tools.
• Solid understanding of enterprise directory services such as Active Directory, Azure AD, and LDAP, as well as experience in implementing MFA and SSO solutions.
• Strong problem‑solving and analytical skills, with the ability to translate business requirements into technical specifications and execute technical deliveries effectively.
• A track record of delivering high‑quality client services and work products within expected time frames.
• Excellent documentation skills, including the creation of procedures, process documentation, and user documentation related to IAM applications.

• A bachelor's degree in a related field and approximately 4–6 years of related work experience; or a graduate degree and approximately 2–4 years of related work experience.
• Experience with PAM architecture and development within Cyber Ark, Hashi Corp, or other PAM solutions.
• Hands‑on experience with Cyber Ark Conjur and Hashi Corp Vault usage and functionality.
• A valid driver’s license in the US and/or a valid passport; willingness and ability to travel.

• Professional certifications in Identity & Access Management, such as CISSP, CISM, or specific vendor certifications like Cyber Ark CDE, Hashi Vault Certified…