Application Security Engineer (IAM-PAM)

  • Full-time

Company Description

Avery Dennison Corporation (NYSE: AVY) is a global materials science and digital identification solutions company that provides a wide range of branding and information solutions that optimize labor and supply chain efficiency, reduce waste, advance sustainability, circularity and transparency, and better connect brands and consumers. Our products and solutions include labeling and functional materials, radio frequency identification (RFID) inlays and tags, software applications that connect the physical and digital, and a variety of products and solutions that enhance branded packaging and carry or display information that improves the customer experience. Serving an array of industries worldwide — including home and personal care, apparel, general retail, e-commerce, logistics, food and grocery, pharmaceuticals and automotive — we employ approximately 34,000 employees in more than 50 countries. Our reported sales in 2023 were $8.4 billion. Learn more at www.averydennison.com.

At Avery Dennison, some of the great benefits we provide are:

  • Health & Wellness benefits starting on day 1 of employment
  • Paid parental leave
  • 401K eligibility
  • Tuition reimbursement
  • Employee Assistance Program eligibility / Health Advocate
  • Paid vacation and Paid holidays

Job Description

We are actively looking for an Application IAM-PAM  Security Engineer to join our Avery Dennison IT team.  In this position the IAM-PAM Engineer is responsible for the security and management of privileged accounts within the organization. This role ensures that privileged access is controlled, monitored, and audited to prevent unauthorized use and potential security breaches. The ideal candidate will be responsible for the design, implementation, maintenance, and support of the CyberArk Privileged Access Management solutions, as well as provide support for Role Management for several applications, which includes PeopleSoft, Oracle EBS, Oracle Fusion, Oracle HCM and others. This role involves collaborating with cross-functional teams to ensure the security and compliance of privileged accounts and access entitlement across our enterprise infrastructure aligning with industry best practices and regulatory requirements. 

Job Description - CyberArk support

  • Integrating various platforms with CyberArk, such as different LDAP providers, OKTA SSO, Windows Servers, UNIX Servers, Databases networking Devices and different applications. Both On-Prem or Cloud;

  • Interpretation and analysis of corporate security standards and baselines;

  • Central Policy Manager (CPM) policies management or redistribution;

  • Perform health check monitoring on all CyberArk severs to ensure consistent availability of system to end user;

  • Test and certify new product versions, bug fix and provide detailed reports;

  • Responsible for Privileged User account administration of various Applications, Windows and UNIX accounts using CyberArk components;

  • Creating and Managing Safes, Platforms and Owners;

  • Maintain Security tool FAQ and Support Documentation;

  • Knowledge on CPM and PSM connector customization

  • Design, deploy, and manage CyberArk solutions to secure privileged accounts and credentials.

  • Configure and integrate CyberArk with various systems, applications, and platforms.

  • Monitor, troubleshoot, and resolve issues related to CyberArk infrastructure and services.

  • Conduct regular assessments and audits of privileged access activities to ensure compliance with security policies and standards.

  • Develop and maintain documentation, including standard operating procedures and technical guides for CyberArk administration.

  • Provide training and support to end-users and stakeholders on CyberArk functionalities and best practices.
     

Job Description - Identity and Access Management - Role Management

  • Strong understanding of Roles, Entitlement and Access Permission.

  • Analyze and troubleshoot user’s roles/access entitlements to resolve excessive permission or lack thereof. 

  • Conduct regular assessments and audits of User Access Roles/Entitlements to ensure compliance with security policies and standards
     

Qualifications

  • Bachelor's degree or alternate combination of education/experience that results in equivalent job knowledge is required.  

  • 6 or more years of experience in any of the following areas:  Privileged Access Management, Identity and Access Management, Cyber Security, IT Systems Architecture, IT Systems Administration, Database Administration.

  • Strong understanding of Privileged Access Management tools (CyberArk).  Should be able to work with target system users to create interfaces between CyberArk and target applications, operating systems and servers.

  • Strong analytical skills to troubleshoot CyberArk related issues collaborating with team members from different support areas.

  • Experience with Windows/ UNIX platforms in large heterogeneous environment;

  • Understanding typical Enterprise Change Management processes;

  • CyberArk Platform certification preferred

  • Basic understanding of high-availability (HA) and failover implementations for network infrastructure and server systems;

  • Strong knowledge of PSM connector customization

  • Extensive experience with digital password vaulting solutions;

  • Experience with human versus non-human (service) accounts;

  • Ability to document installation procedures, Standard Operating Procedures (SOP), etc;

  • Experience of LDAP (server and client), NIS, NIS+, PAM;.

  • Strong understand of OKTA SSO/SAML

  • Strong knowledge of relational databases and database table structures. 

  • Ability to read/write SQL (Oracle, MS SQL Server, DB2, etc.)

  • Strong knowledge of Windows and UNIX systems

  • Detailed knowledge of application role management and user access. Requires working closely with the Account Management and application process owner and support/development teams.

  • Detailed knowledge of Peoplesoft, Oracle eBS and Oracle Fusion both functionally and technically.

  • Strong communication skills

  • Strong ability to create documentation and provide training as needed

  • Familiarity with system integration processes

  • Ability to multitask

Preferred Qualifications

  • A successful academic or work background demonstrating the ability to absorb information, apply conceptual skills in practical applications, and achieve desired results in a highly technical, operating environment.

  • Strong analytical and problem-solving background; good project management skills with ability to multitask and manage multiple activities in a cross-functional environment.

  • Must effectively deal with the rapid technological and business change while maintaining enthusiasm and displaying sound judgment and common sense.

 Certifications preferred may include:

  • CyberArk Platform certification preferred

  • ISC2 Certified Information Systems Security Professional (CISSP)

  • Certified Information Security Manager (CISM)

  • Certified Information Systems Auditor (CISA)

The salary range for this position is $100,000 -$130,000 / year.
The hiring base salary range above represents what Avery Dennison reasonably expects to pay for this position as of the date of this posting. Actual salaries will vary within the range, and in some circumstances may be above or below the range, based on various factors including but not limited to a candidate’s relevant skills, experience, education and training, and location, as well as the job scope and complexity, responsibilities, and regular and/or necessary travel required for the position, which may change depending on the candidate pool. Avery Dennison reserves the right to modify this information at any time, subject to applicable law.  

Additional Information

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or other protected status. EEOE/M/F/Vet/Disabled. All your information will be kept confidential according to EEO guidelines.

Reasonable Accommodations Notice

If you require accommodations to view or apply for a job, alternative methods are available to submit an application. Please contact (440) 534-6000 or [email protected] to discuss reasonable accommodations.

Privacy Policy