Application Security Engineer (IAM-PAM)
- Full-time
Company Description
Avery Dennison Corporation (NYSE: AVY) is a global materials science and digital identification solutions company that provides a wide range of branding and information solutions that optimize labor and supply chain efficiency, reduce waste, advance sustainability, circularity and transparency, and better connect brands and consumers. Our products and solutions include labeling and functional materials, radio frequency identification (RFID) inlays and tags, software applications that connect the physical and digital, and a variety of products and solutions that enhance branded packaging and carry or display information that improves the customer experience. Serving an array of industries worldwide — including home and personal care, apparel, general retail, e-commerce, logistics, food and grocery, pharmaceuticals and automotive — we employ approximately 34,000 employees in more than 50 countries. Our reported sales in 2023 were $8.4 billion. Learn more at www.averydennison.com.
At Avery Dennison, some of the great benefits we provide are:
- Health & Wellness benefits starting on day 1 of employment
- Paid parental leave
- 401K eligibility
- Tuition reimbursement
- Employee Assistance Program eligibility / Health Advocate
- Paid vacation and Paid holidays
Job Description
We are actively looking for an Application IAM-PAM Security Engineer to join our Avery Dennison IT team. In this position the IAM-PAM Engineer is responsible for the security and management of privileged accounts within the organization. This role ensures that privileged access is controlled, monitored, and audited to prevent unauthorized use and potential security breaches. The ideal candidate will be responsible for the design, implementation, maintenance, and support of the CyberArk Privileged Access Management solutions, as well as provide support for Role Management for several applications, which includes PeopleSoft, Oracle EBS, Oracle Fusion, Oracle HCM and others. This role involves collaborating with cross-functional teams to ensure the security and compliance of privileged accounts and access entitlement across our enterprise infrastructure aligning with industry best practices and regulatory requirements.
Job Description - CyberArk support
Integrating various platforms with CyberArk, such as different LDAP providers, OKTA SSO, Windows Servers, UNIX Servers, Databases networking Devices and different applications. Both On-Prem or Cloud;
Interpretation and analysis of corporate security standards and baselines;
Central Policy Manager (CPM) policies management or redistribution;
Perform health check monitoring on all CyberArk severs to ensure consistent availability of system to end user;
Test and certify new product versions, bug fix and provide detailed reports;
Responsible for Privileged User account administration of various Applications, Windows and UNIX accounts using CyberArk components;
Creating and Managing Safes, Platforms and Owners;
Maintain Security tool FAQ and Support Documentation;
Knowledge on CPM and PSM connector customization
Design, deploy, and manage CyberArk solutions to secure privileged accounts and credentials.
Configure and integrate CyberArk with various systems, applications, and platforms.
Monitor, troubleshoot, and resolve issues related to CyberArk infrastructure and services.
Conduct regular assessments and audits of privileged access activities to ensure compliance with security policies and standards.
Develop and maintain documentation, including standard operating procedures and technical guides for CyberArk administration.
Provide training and support to end-users and stakeholders on CyberArk functionalities and best practices.
Job Description - Identity and Access Management - Role Management
Strong understanding of Roles, Entitlement and Access Permission.
Analyze and troubleshoot user’s roles/access entitlements to resolve excessive permission or lack thereof.
Conduct regular assessments and audits of User Access Roles/Entitlements to ensure compliance with security policies and standards
Qualifications
Bachelor's degree or alternate combination of education/experience that results in equivalent job knowledge is required.
6 or more years of experience in any of the following areas: Privileged Access Management, Identity and Access Management, Cyber Security, IT Systems Architecture, IT Systems Administration, Database Administration.
Strong understanding of Privileged Access Management tools (CyberArk). Should be able to work with target system users to create interfaces between CyberArk and target applications, operating systems and servers.
Strong analytical skills to troubleshoot CyberArk related issues collaborating with team members from different support areas.
Experience with Windows/ UNIX platforms in large heterogeneous environment;
Understanding typical Enterprise Change Management processes;
CyberArk Platform certification preferred
Basic understanding of high-availability (HA) and failover implementations for network infrastructure and server systems;
Strong knowledge of PSM connector customization
Extensive experience with digital password vaulting solutions;
Experience with human versus non-human (service) accounts;
Ability to document installation procedures, Standard Operating Procedures (SOP), etc;
Experience of LDAP (server and client), NIS, NIS+, PAM;.
Strong understand of OKTA SSO/SAML
Strong knowledge of relational databases and database table structures.
Ability to read/write SQL (Oracle, MS SQL Server, DB2, etc.)
Strong knowledge of Windows and UNIX systems
Detailed knowledge of application role management and user access. Requires working closely with the Account Management and application process owner and support/development teams.
Detailed knowledge of Peoplesoft, Oracle eBS and Oracle Fusion both functionally and technically.
Strong communication skills
Strong ability to create documentation and provide training as needed
Familiarity with system integration processes
Ability to multitask
Preferred Qualifications
A successful academic or work background demonstrating the ability to absorb information, apply conceptual skills in practical applications, and achieve desired results in a highly technical, operating environment.
Strong analytical and problem-solving background; good project management skills with ability to multitask and manage multiple activities in a cross-functional environment.
Must effectively deal with the rapid technological and business change while maintaining enthusiasm and displaying sound judgment and common sense.
Certifications preferred may include:
CyberArk Platform certification preferred
ISC2 Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
The salary range for this position is $100,000 -$130,000 / year.
The hiring base salary range above represents what Avery Dennison reasonably expects to pay for this position as of the date of this posting. Actual salaries will vary within the range, and in some circumstances may be above or below the range, based on various factors including but not limited to a candidate’s relevant skills, experience, education and training, and location, as well as the job scope and complexity, responsibilities, and regular and/or necessary travel required for the position, which may change depending on the candidate pool. Avery Dennison reserves the right to modify this information at any time, subject to applicable law.
Additional Information
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or other protected status. EEOE/M/F/Vet/Disabled. All your information will be kept confidential according to EEO guidelines.
Reasonable Accommodations Notice
If you require accommodations to view or apply for a job, alternative methods are available to submit an application. Please contact (440) 534-6000 or [email protected] to discuss reasonable accommodations.