CyberArk / PAM Engineer [REMOTE]

Job Description

BAE Systems, Inc. is seeking a CyberArk Privileged Access Management (PAM) Engineer to join our Identity Services organization, supporting the Directory Services, Certificate Management, and Privileged Access Management (DCP) team. This role focuses on hands-on engineering and operational support of our CyberArk PAM platform and CyberArk Endpoint Privilege Manager (EPM) for Linux, working alongside other engineers.

The ideal candidate has practical experience supporting CyberArk in production, is comfortable troubleshooting complex issues, and understands how PAM operates within regulated and compliance-driven environments.

Responsibilities

Support and administer CyberArk PAM components including EPV, CPM, and PSM/PSM-SSH
Onboard and maintain privileged accounts for Windows, Linux, service accounts, and applications
Support CyberArk vault operations, including clustered vault configurations, health monitoring, and troubleshooting
Assist with platform upgrades, patching, and operational testing activities
Provide Tier-2 / Tier-3 support for PAM-related incidents and requests
Support CyberArk EPM for Linux
Support audits and compliance activities by producing required evidence and documentation

Required Education, Experience, & Skills

Bachelor's Degree and 4 years work experience or equivalent experience
4+ years of experience with IT, including identity access management, privileged access management, and/or security-related behavior monitoring.
2+ years of hands-on experience supporting on-premises CyberArk PAM
Working knowledge of Linux operating systems and SSH-based access
In-depth knowledge of the various CyberArk architecture components (Vault/EPV, DR Vault, PVWA, PSM, CPM).
Experience with CyberArk Rest API and credential provider (CCP/CP) components.
Experience with troubleshooting issues with Vault, PVWA, CPM, and PSM component servers (including gathering various CyberArk logs, diagnosing firewall or network-related issues, etc.).
Experience working with large teams to understand requirements and translate them into CyberArk safes, platforms, etc.
Knowledge of the following areas: Active Directory/LDAP management, PKI, MFA, Identity Governance, SSO.
Strong analytical and problem-solving skills, ability to learn new concepts quickly.
Self-motivated with excellent interpersonal skills, strong work ethic, highly effective communicator, excellent organizational skills

Preferred Education, Experience, & Skills

2+ years of experience with COTS Identity Access Management tools (e.g. Micro Focus Identity Applications, SailPoint)
Experience with CyberArk Endpoint Privilege Manager (EPM) for Linux and/or Windows
Experience using ServiceNow for incident/change/request workflows
Experience with SIEM tool, preferably Splunk.
Experience with technical writing to create process documents, training, and formal documentation for compliance/audits.
Experience with Visio to create workflows, architecture drawings, etc.
Knowledge of scripting and/or programming languages including PowerShell, JavaScript, and/or Python.
Experience developing or customizing PSM and CPM plugins
AutoIT experience for PSM plugin development
Knowledge of compliance regulations including, but not limited to, CMMC and FedRAMP
CyberArk Defender, Sentry, and/or CISSP certification

Pay Information

Full-Time Salary Range: $95106 - $161680

Please note: This range is based on our market pay structures. However, individual salaries are determined by a variety of factors including, but not limited to: business considerations, local market conditions, and internal equity, as well as candidate qualifications, such as skills, education, and experience.

Employee Benefits: At BAE Systems, we support our employees in all aspects of their life, including their health and financial well-being. Regular employees scheduled to work 20+ hours per week are offered: health, dental, and vision insurance; health savings accounts; a 401(k) savings plan; disability coverage; and life and accident insurance. We also have an employee assistance program, a legal plan, and other perks including discounts on things like home, auto, and pet insurance. Our leave programs include paid time off, paid holidays, as well as other types of leave, including paid parental, military, bereavement, and any applicable federal and state sick leave. Employees may participate in the company recognition program to receive monetary or non-monetary recognition awards. Other incentives may be available based on position level and/or job specifics.

About BAE Systems, Inc.

BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it’s what we do at BAE Systems. Working here means using your passion and ingenuity where it counts – defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team—making a big impact on a global scale. At BAE Systems, you’ll find a rewarding career that truly makes a difference.