IT Sys Sec Eng Sr

Requisition Number

119581BR

BAE Systems, Inc. is seeking a CyberArk Privileged Access Management (PAM) Engineer to join our Identity Services organization, supporting the Directory Services, Certificate Management, and Privileged Access Management (DCP) team. This role focuses on hands-on engineering and operational support of our CyberArk PAM platform and CyberArk Endpoint Privilege Manager (EPM) for Linux, working alongside other engineers.

The ideal candidate has practical experience supporting CyberArk in production, is comfortable troubleshooting complex issues, and understands how PAM operates within regulated and compliance-driven environments.

Responsibilities:

Support and administer CyberArk PAM components including EPV, CPM, and PSM/PSM-SSH

Onboard and maintain privileged accounts for Windows, Linux, service accounts, and applications

Support CyberArk vault operations, including clustered vault configurations, health monitoring, and troubleshooting

Assist with platform upgrades, patching, and operational testing activities

Provide Tier-2 / Tier-3 support for PAM-related incidents and requests

Support CyberArk EPM for Linux

Support audits and compliance activities by producing required evidence and documentation

Job Posting Title

CyberArk / PAM Engineer [REMOTE]

Job Family

IT Systems Security

Travel Percentage

<10%

Clearance Level – Must be able to obtain for position

None

Shift

1st Shift

Regular or Temporary

Regular

Typical Education and Experience

Typically a Bachelor's Degree and 4 years work experience or equivalent experience

Required Skills and Education

Bachelor's Degree and 4 years work experience or equivalent experience

4+ years of experience with IT, including identity access management, privileged access management, and/or security-related behavior monitoring.

2+ years of hands-on experience supporting on-premises CyberArk PAM

Working knowledge of Linux operating systems and SSH-based access

In-depth knowledge of the various CyberArk architecture components (Vault/EPV, DR Vault, PVWA, PSM, CPM).

Experience with CyberArk Rest API and credential provider (CCP/CP) components.

Experience with troubleshooting issues with Vault, PVWA, CPM, and PSM component servers (including gathering various CyberArk logs, diagnosing firewall or network-related issues, etc.).

Experience working with large teams to understand requirements and translate them into CyberArk safes, platforms, etc.

Knowledge of the following areas: Active Directory/LDAP management, PKI, MFA, Identity Governance, SSO.

Strong analytical and problem-solving skills, ability to learn new concepts quickly.

Self-motivated with excellent interpersonal skills, strong work ethic, highly effective communicator, excellent organizational skills

Preferred Skills and Education

2+ years of experience with COTS Identity Access Management tools (e.g. Micro Focus Identity Applications, SailPoint)

Experience with CyberArk Endpoint Privilege Manager (EPM) for Linux and/or Windows

Experience using ServiceNow for incident/change/request workflows

Experience with SIEM tool, preferably Splunk.

Experience with technical writing to create process documents, training, and formal documentation for compliance/audits.

Experience with Visio to create workflows, architecture drawings, etc.

Knowledge of scripting and/or programming languages including PowerShell, JavaScript, and/or Python.

Experience developing or customizing PSM and CPM plugins

AutoIT experience for PSM plugin development

Knowledge of compliance regulations including, but not limited to, CMMC and FedRAMP

CyberArk Defender, Sentry, and/or CISSP certification

About BAE Systems, Inc.

BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it’s what we do at BAE Systems. Working here means using your passion and ingenuity where it counts – defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team—making a big impact on a global scale. At BAE Systems, you’ll find a rewarding career that truly makes a difference.

This position will be posted for at least 5 calendar days. The posting will remain active until the position is filled, or a qualified pool of candidates is identified.

Department

IT_CYBIAM_Cyber IAM

Company

123_BAE Systems Shared Svcs Inc

Posting Requirements

Internal/External

Job Category

Engineering & Technology

U.S. Person Required

Yes

Business Area

ESS IT

Salary Max Point

161680

Salary Min Point

95106

Union Job

None

Recruiter

Kathleen Kirwin

U.S. Citizenship Required

No