Privileged Access Management (PAM) Engineer, AVP

Who we are looking for

As an Privilege Access Management Engineer, AVP you will be a member of our highly technical production support team, who supports security for the unstructured data environment. You will be focused on the daily goal of meeting established business Service Level Agreements (SLAs) and/or Service Level Objectives (SLOs) for the bank's internal/external customers, through the utilization of the Enterprise monitoring and triage tools provided. Emphasis on problem resolution, root cause investigation, third level problem detection, vendor engagement, maintenance of event/outage logs and assistance with hardware and software patch/product updates.

What you will be responsible for

As Privilege Access Management Engineer, AVP you will

• Design and implement Privileged Access Management solutions, including privileged account management, session monitoring, and credential vaulting.
• Collaborate with cross-functional teams to ensure PAM controls align with business requirements and industry best practices.
• Develop and enforce policies and procedures for managing privileged accounts across the organization.
• Implement mechanisms for secure provisioning, deprovisioning, and rotation of privileged account credentials.
• Implement controls to enforce the principle of least privilege and minimize the risk of unauthorized access. Define and enforce access policies, roles, and permissions for privileged accounts to ensure appropriate access levels.
• Implement secure credential storage and management solutions to protect privileged account credentials. Ensure encryption, access controls, and auditing mechanisms are in place to safeguard stored credentials.
• Conduct periodic reviews and audits of privileged access rights and activities. Identify and remediate any access anomalies or policy violations within the PAM framework.
• Integrate PAM solutions with other security technologies and systems, such as identity and access management (IAM) platforms and security information and event management (SIEM) systems. Automate PAM processes and workflows to enhance efficiency and reduce manual errors.
• Participate in security incident response activities related to privileged access. Investigate security incidents involving privileged accounts, coordinate response efforts, and implement necessary remediation measures.
• Develop and maintain PAM policies, standards, and procedures. Stay up to date with evolving PAM technologies, industry trends, and regulatory requirements related to privileged access.

What we value

These skills will help you succeed in this role.

• 10+ Years of IT experience with minimum 6+ years’ experience with CA PAM Privileged Access Management (PAM) Architecture, Design and Server onboarding.
• Excellent PAM design, implementation, and support experience
• Project Management
• Ability to work within Production Management
• Flexibility Work with IDAM team to implement policies and definition.
• Training the team

Education & Preferred Qualifications

• Bachelor’s degree in computer science, Information Security, or a related field.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified Privileged Access Management Professional (CPAMP) are highly desirable.

Additional requirements

• Willing to work in 24x7 work environment.
• Being flexible
• Prefers working in a Production support team
• Strong knowledge of Privileged Access Management principles, practices, and technologies, including privileged account management, session monitoring, and credential vaulting.
• Familiarity with industry-leading PAM solutions such as CyberArk, Beyond Trust, or Thycotic.
• Experience with access control mechanisms, least privilege principles, and role-based access control (RBAC).
• Knowledge of security compliance standards and regulations, such as GDPR, HIPAA, and PCI DSS, related to privileged access.
• Proficiency in integrating PAM solutions with IAM platforms and SIEM systems.
• Strong problem-solving and analytical skills, with the ability to identify and mitigate risks associated with privileged access.
• Up-to-date knowledge of emerging PAM technologies, security threats, vulnerabilities, and industry trends. Strong knowledge on key access management concepts such as directory services, authentication, authorization, single sign-on, federation, multi-factor authentication (MFA), adaptive MFA, IdP, privilege access, etc. Strong understanding of how to implement concepts such as password less authentication, zero trust model, SASE, etc.
• Strong technical skills and experience in architecting and implementing at least one or more solutions such as SailPoint IIQ, SailPoint IdentityNow, One Identity, IBM IGI, Saviynt, ForgeRock, Okta, Microsoft Entra ID, Ping Identity, etc.
• Strong technical skills and experience in architecting and implementing at least one or more PAM solutions such as Beyond Trust PasswordSafe, Beyond Trust Privileged Remote Access, CyberArk, CyberArk Secrets Manager, Delinea, etc.

Salary Range:

$90,000 - $142,500 Annual

The range quoted above applies to the role in the location specified. If the candidate would ultimately work outside of the location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

State Street's Speak Up Line