Application Security Engineer (IAM-PAM)

Company Description

Avery Dennison Corporation (NYSE: AVY) is a global materials science and digital identification solutions company that provides a wide range of branding and information solutions that optimize labor and supply chain efficiency, reduce waste, advance sustainability, circularity and transparency, and better connect brands and consumers. Our products and solutions include labeling and functional materials, radio frequency identification (RFID) inlays and tags, software applications that connect the physical and digital, and a variety of products and solutions that enhance branded packaging and carry or display information that improves the customer experience. Serving an array of industries worldwide — including home and personal care, apparel, general retail, e-commerce, logistics, food and grocery, pharmaceuticals and automotive — we employ approximately 34,000 employees in more than 50 countries. Our reported sales in 2023 were $8.4 billion. Learn more at www.averydennison.com.

Job Description

We are actively looking for an Application IAM-PAM  Security Engineer to join our Avery Dennison IT team.  In this position the IAM-PAM Engineer is responsible for the security and management of privileged accounts within the organization. This role ensures that privileged access is controlled, monitored, and audited to prevent unauthorized use and potential security breaches. The ideal candidate will be responsible for the design, implementation, maintenance, and support of the CyberArk Privileged Access Management solutions, as well as provide support for Role Management for several applications, which includes PeopleSoft, Oracle EBS, Oracle Fusion, Oracle HCM and others. This role involves collaborating with cross-functional teams to ensure the security and compliance of privileged accounts and access entitlement across our enterprise infrastructure aligning with industry best practices and regulatory requirements. 

Job Description - CyberArk support

• Integrating various platforms with CyberArk, such as different LDAP providers, OKTA SSO, Windows Servers, UNIX Servers, Databases networking Devices and different applications. Both On-Prem or Cloud;

• Interpretation and analysis of corporate security standards and baselines;

• Central Policy Manager (CPM) policies management or redistribution;

• Perform health check monitoring on all CyberArk severs to ensure consistent availability of system to end user;

• Test and certify new product versions, bug fix and provide detailed reports;

• Responsible for Privileged User account administration of various Applications, Windows and UNIX accounts using CyberArk components;

• Creating and Managing Safes, Platforms and Owners;

• Maintain Security tool FAQ and Support Documentation;

• Knowledge on CPM and PSM connector customization

• Design, deploy, and manage CyberArk solutions to secure privileged accounts and credentials.

• Configure and integrate CyberArk with various systems, applications, and platforms.

• Monitor, troubleshoot, and resolve issues related to CyberArk infrastructure and services.

• Conduct regular assessments and audits of privileged access activities to ensure compliance with security policies and standards.

• Develop and maintain documentation, including standard operating procedures and technical guides for CyberArk administration.

• Provide training and support to end-users and stakeholders on CyberArk functionalities and best practices.
   

Job Description - Identity and Access Management - Role Management

• Strong understanding of Roles, Entitlement and Access Permission.

• Analyze and troubleshoot user’s roles/access entitlements to resolve excessive permission or lack thereof. 

• Conduct regular assessments and audits of User Access Roles/Entitlements to ensure compliance with security policies and standards

Qualifications

• Bachelor's degree or alternate combination of education/experience that results in equivalent job knowledge is required.  

• 6 or more years of experience in any of the following areas:  Privileged Access Management, Identity and Access Management, Cyber Security, IT Systems Architecture, IT Systems Administration, Database Administration.

• Strong understanding of Privileged Access Management tools (CyberArk).  Should be able to work with target system users to create interfaces between CyberArk and target applications, operating systems and servers.

• Strong analytical skills to troubleshoot CyberArk related issues collaborating with team members from different support areas.

• Experience with Windows/ UNIX platforms in large heterogeneous environment;

• Understanding typical Enterprise Change Management processes;

• CyberArk Platform certification preferred

• Basic understanding of high-availability (HA) and failover implementations for network infrastructure and server systems;

• Strong knowledge of PSM connector customization

• Extensive experience with digital password vaulting solutions;

• Experience with human versus non-human (service) accounts;

• Ability to document installation procedures, Standard Operating Procedures (SOP), etc;

• Experience of LDAP (server and client), NIS, NIS+, PAM;.

• Strong understand of OKTA SSO/SAML

• Strong knowledge of relational databases and database table structures. 

• Ability to read/write SQL (Oracle, MS SQL Server, DB2, etc.)

• Strong knowledge of Windows and UNIX systems

• Detailed knowledge of application role management and user access. Requires working closely with the Account Management and application process owner and support/development teams.

• Detailed knowledge of Peoplesoft, Oracle e BS and Oracle Fusion both functionally and technically.

• Strong communication skills

• Strong ability to create documentation and provide training as needed

• Familiarity with system integration processes

• Ability to multitask

Preferred Qualifications

• A successful academic or work background demonstrating the ability to absorb information, apply conceptual skills in practical applications, and achieve desired results in a highly technical, operating environment.

• Strong analytical and problem-solving background; good project management skills with ability to multitask and manage multiple activities in a cross-functional environment.

• Must effectively deal with the rapid technological and business change while maintaining enthusiasm and displaying sound judgment and common sense.

 Certifications preferred may include:

• CyberArk Platform certification preferred

• ISC2 Certified Information Systems Security Professional (CISSP)

• Certified Information Security Manager (CISM)

• Certified Information Systems Auditor (CISA)

Additional Information

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or other protected status. EEOE/M/F/Vet/Disabled. All your information will be kept confidential according to EEO guidelines.