Sr. Security Operations Engineer (PAM-AD)

The Company: GIA is the world's foremost authority in gemology. GIA is a global organization with headquarters located in Carlsbad, CA. GIA in Carlsbad boasts a 17-acre ocean view campus that accommodates approximately 800 of its 3,000 total employees worldwide. It offers many competitive health and commuter benefits that promote the well-being of its employees as well as that of the environment.
The Location: We offer a flexible work-from-home schedule, with a few days in the office per week for local candidates, Carlsbad or New York Headquarters.
What to expect:

• Work Hours: Monday through Friday regular business hours
• We offer competitive medical, dental, vision and matching 401-K plans
• Paid vacation, sick and holidays, tuition assistance, commuter benefits

Job Overview: The successful applicant will participate in the delivery of the ongoing operational support and improvement implementation efforts for the Identity and Access Management controls to help secure our infrastructure. This role will contribute to the development and maintenance of security and access control processes and solutions throughout the enterprise according to security policies. The candidate will be responsible for supporting and evolving privileged management processes and solutions and act as the technical expert supporting upcoming implementations and strategies around Privileged Access Management (PAM), namely CyberArk. The candidate will also need to be well versed and experienced in Active Directory security controls and enforcement. The candidate will have extensive knowledge on design, build, implementation, administration and troubleshooting Microsoft Active Directory, PAM concepts and technology including CyberArk modules: Central Policy Manager (CPM), Privileged Session Manager (PSM), Privileged Session Management Proxy (PSMP), Application Access Manager (AAM), Privileged Threat Analytics (PTA), among other supporting products.
ESSENTIAL DUTIES AND RESPONSIBILITIES

• Maintain Access Controls to secure the existing enterprise Active Directory and Azure Active Directory environment.
• Proactively secure and harden Active Directory (AD) Services to ensure compliance with best practices and CIS security controls, using Group Policies and other tools.
• Develop, test, document, and deploy security controls for the Active Directory environment.
• Provide hardening templates to facilitate new server and Domain Controller provisioning.
• Provide follow-up reports for root cause analysis on incidents, enhancements, and process improvement initiatives.
• Support operations across multiple geographic locations.

• Design, configure, troubleshoot, and support CyberArk initiatives and solutions.
• Implement PAM platform customizations, enhancements, and modifications.
• Gather requirements from internal clients and provide security/PAM technical expertise.
• Ensure that proposed and existing PAM system architectures are aligned with organizational standards, goals, and objectives.
• Serve as a subject matter expert (SME) on PAM authentication platform configurations.
• Drive initiatives to transform PAM provisioning and lifecycle management leveraging self-service and automation capabilities to enable a superior user experience.

• Provide exceptional service and that SLAs are met or exceeded.
• Assume additional responsibilities as assigned.
• Be able to work in a team geographically diverse team environment.
• Supports in the development of security policies, standards and plans to ensure the protection of corporate data against unauthorized use, access, modification, and destruction.
• Ensures proper security logs are generated and sent to the organization's Security Information and Event Management (SIEM) system.
• Persistently evaluates adherence with defined policies and standards.
• Other duties as assigned.

TECHNICAL COMPETENCIES (Knowledge, Skills & Abilities)
The candidate must have extensive knowledge and experience with the following Tools and Services as part of their primary functional responsibilities:

• Active Directory security and access controls
• AD - Forest & DS
• AD Windows objects
• AD Group Policy
• AD Site & Services
• AD Domains & Trusts
• AD Application Partitions
• AD Management Tools
• GPO Admin
• CyberArk PAM
• Enterprise Password Vault - EPV
• Enterprise Disaster Recovery Password Vault - DR Vault
• Password Vault Web Access - PVWA
• Privileged Session Manager - PSM
• Central Policy Manager - CPM
• Windows Server administration
• Networking concepts
• Creating and/or modifying PowerShell scripts
• Demonstrated knowledge in information security principles such as threat and vulnerability management, incident response, and identity & access management.
• Familiarity with information security standards (e.g., NIST).
• Excellent verbal and written communication skills.
• Ability to maintain and foster sensitivity and respect for a culturally diverse work environment.
• Ability to display supportive behavior and communicate positively regarding department goals and objectives.
• Ability to deal effectively with a variety of personalities to establish and maintain effective working relationships.

EDUCATION AND EXPERIENCE

• Bachelor's degree in I.T, Engineering, or related Science and Math discipline with an Information system emphasis and/or equivalent experience.
• Minimum 6 years of Information Technology (IT) experience.
• Relevant certifications (Microsoft, Security, CyberArk) are a plus.

PHYSICAL REQUIREMENTS / WORK ENVIRONMENT (if applicable)

• Work is performed in a designated professional office workstation and environment.
• Extensive use of office equipment to include computer, calculator, copier, fax, and other business related machines and software.

Pay Range: $118-169K.
Disclaimer: This job description indicates in general terms, the type and level of work performed as well as the typical responsibilities of employees in this classification and it may be changed by management at any time. Other duties may also apply. Nothing in this job description changes the at-will employment relationship existing between the Company and its employees.