Job Description

Auto req ID: 286278BR

Main purpose:
This position will be responsible to engineering and maintenance of PepsiCo Privileged Access solution by keeping upgrades and patches current; troubleshooting and resolving issues with the associated tools, support, implement, and design and authentication systems. This Infrastructure team member will work closely with many different teams and customers to ensure all aspects of privileged accesses are maintained to existing standards.
Accountabilities:

• System engineering and management

o Maintain DEV, ITE, and PROD environments

• Ensure all environments are on the latest stable patches for all layers (application, OS, and Security)
• Ensure all environments are healthy, accessible, and functional

o Plan, build, test, implement hardware and software refreshes/upgrades coordinating with appropriate teams
o Partner with vendor as appropriate on issues

• Design system/application integrations

o Pilot and evaluate new software/application integrations
o Implement/deliver AOP and Function funded initiatives for myPAM areas
o Identify automation opportunities and gain efficiencies in the myPAM services
o Implement, deliver any assigned PepsiCo special projects (e.g. Workforce reduction)

• Account Management

o Drive participation in the myPAM onboarding process to ensure privileged accounts are managed appropriately and password change requests are completed on time

• Development of connectivity required to facilitate password rotations
• Includes the transparent logon methodology

o Gather/Analyze and document requirements for myPAM area for onboarding new platforms/applications across the Enterprise
o Enhance myPAM onboarding and maintenance processes as appropriate
o Develop/Manage processes to keep myPAM onboarding process/lists evergreen for all sensitive and privileged access for platforms/applications in scope
o Provide account management and remediation services for methodologies such as but not limited to the following:

• Super user Account Password Management (SAPM)
• Application Access Management (AAM)
• DAP (Dynamic Application Provider – formerly Conjur)
• Endpoint Protection Manager (EPM)
• SSH Key Management
• Privileged Threat Analytics (PTA)

o Provide support for PepsiCo’s RPA (UiPath) Initiative

• Audit Controls

o Update/Maintain myPAM audit controls to align with PepsiCo standards
o Create, manage, maintain quarterly control processes for myPAM area
o Implement and deliver periodic (e.g. Quarterly) controls / processes for myPAM area
o Work with application owners, Controls team, as needed and ensure myPAM processes are kept up to date

Qualifications/Requirements

Years of experience:
3+ years in user provisioning and access management
2+ years in CyberArk (Concentration with EPM)
Minimum two years’ experience supporting a CyberArk environment.
Minimum five years’ experience engineering privileged access solutions
2+ year experience with CyberArk or comparable tools.



Mandatory Technical skills:

• Knowledge of the following core concepts:

o Principle of least privileged access
o Principle of revocation of rights
o Principle of Just In Time access

• Experience with developing, planning, and implementing a large scale enterprise-level CyberArk infrastructure including but not limited to the following components:

o Enterprise Password Vault (EPV)
o Privileged Session Manager (PSM)
o Password Vault Web Access (PVWA)
o Central Password Manager (CPM)
o Application Access Management (AAM – CP, CCP, and ASCP)
o Dynamic Application Provider (DAP)
o SSH Key Management
o Endpoint Protection Manager (EPM)
o Privileged Threat Analytics (PTA)

• Experience with PIM governance and compliance including the following:

o Performing Privileged Access Reviews
o Compliance Reporting
o Access Control Processes

• Experience working with Windows, MacOS and Unix / Linux platforms

• Experience working with large-scale, enterprise-level LDAP / Active Directory environments

• Experience working with large-scale, enterprise-level SIEM solutions including but not limited to the following:

o Splunk

• Knowledge of programming / scripting disciplines like the following:

o PowerShell
o Java
o .Net
Mandatory nontechnical skills:
Relevant academic education in Engineering, Computer Science, Information Security, or significant equivalent experience
Differentiating competencies required:

• Ability to demonstrate analytical and critical thinking, attention to detail, solution orientation in a fast-paced environment
• Good written and oral communication skills in English (other foreign languages well seen)
• A team-focused mentality with the proven ability to work effectively with diverse stakeholders

Relocation Eligible: Eligible for Standard Relocation
Job Type: Regular