Sr. Engineer, IT Engineering (CyberArk)

The Opportunity:

The Senior CyberArk Engineer will lead the implementation, administration, and optimization of CyberArk Privileged Access Management (PAM) solutions and IAM systems across enterprise environments.  This role is essential for maintaining security, compliance, and operational efficiency in unregulated, government-regulated, and cloud-based environments.  The Engineer will collaborate with cross-functional teams, provide expert guidance on IAM and PAM practices, and ensure secure management of identities, accounts, and privileged access.

The Senior IAM Engineer will provide global 3rd level support and troubleshooting for Saviynt, CyberArk, Active Directory services, EntraID services, related AD management tools and cloud single sign-on integrations.

What we’re looking for  

• Education: Bachelor's degree in Computer Science, Information Systems, or related field (or equivalent experience).

• Experience: 10+ years of IT experience with a focus on IAM and security solutions.

• 5+ years of experience with CyberArk PAM implementations and management.

• Proven expertise in Active Directory, Azure AD, LDAP, PKI, SSO, and 2FA systems.

• Hands-on experience with scripting (PowerShell, Python, Java or other) for automation and system integration.

• Familiarity with ITAR/GOV-controlled environments and compliance frameworks (e.g., NIST, SOX, GDPR).

• Active CyberArk Defender and Sentry certifications required are a plus.

• Additional certifications (e.g., Microsoft, AWS, Azure, CISSP) are a plus.

• Deep understanding of privileged access management principles, including least privilege enforcement and session monitoring.

• Strong knowledge of Active Directory services, group policies, DNS, and certificate services.

• Proficiency in integrating IAM tools with cloud environments (e.g., AWS, Azure).

• Excellent troubleshooting, analytical thinking, and communication skills.

• Ability to define and drive projects from concept to completion, ensuring alignment with deadlines.

How you will thrive and create an impact  

CyberArk Privileged Access Management

• Design, deploy, and maintain CyberArk solutions, including Enterprise Password Vault (EPV), Privileged Session Manager (PSM), and Central Policy Manager (CPM).

• Develop privileged access policies, procedures, and standards aligned with industry best practices and regulatory compliance (e.g., CMMC, PCI-DSS, HIPAA).

• Monitor, audit, and optimize CyberArk configurations and policies to mitigate security risks.

• Integrate CyberArk with identity providers (e.g., Active Directory, Azure AD, LDAP) and other IT infrastructure.

• Automate PAM processes using scripting languages like PowerShell or Python.

• Lead incident response activities for privileged access abuse or unauthorized access attempts.

Identity and Access Management

• Support and enhance IAM tools and services, focusing on secure user privileges, credential management, and access control.

• Configure and optimize identity systems, including Active Directory, Azure AD, LDAP, PKI, and SSO/2FA solutions.

• Lead IAM-related projects, including domain consolidations, decommissioning, and cloud migrations.

• Develop processes for IAM governance, compliance, and reporting.

• Define and implement workflows for user provisioning, deprovisioning, and role management.

• Troubleshoot and resolve IAM and PAM-related issues.

Collaboration and Leadership

• Collaborate with IT, security, and compliance teams to design and implement IAM and PAM strategies.

• Act as a subject matter expert on CyberArk and IAM technologies, providing training and mentorship to team members.

• Ensure alignment of IAM solutions with organizational security and compliance requirements.

• Represent the IAM function during audits, assessments, and stakeholder discussions.

Disclaimer:

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Avantor is proud to be an equal opportunity employer.

Why Avantor?

Dare to go further in your career. Join our global team of 14,000+ associates whose passion for discovery and determination to overcome challenges relentlessly advances life-changing science.
 
The work we do changes people's lives for the better. It brings new patient treatments and therapies to market, giving a cancer survivor the chance to walk his daughter down the aisle. It enables medical devices that help a little boy hear his mom's voice for the first time. Outcomes such as these create unlimited opportunities for you to contribute your talents, learn new skills and grow your career at Avantor.
 
We are committed to helping you on this journey through our diverse, equitable and inclusive culture which includes learning experiences to support your career growth and success. At Avantor, dare to go further and see how the impact of your contributions set science in motion to create a better world. Apply today!

Pay Transparency:

The expected pre-tax pay for this position is

Actual pay may differ depending on relevant factors such as prior experience and geographic location.

EEO Statement:

We are an Equal Employment/Affirmative Action employer and VEVRAA Federal Contractor. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state/province, or local law.

If you need a reasonable accommodation for any part of the employment process, please contact us by email at recruiting@avantorsciences.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

For more information about equal employment opportunity protections, please view the Know Your Rights poster.

3rd Party Non-Solicitation Policy:

By submitting candidates without having been formally assigned on and contracted for a specific job requisition by Avantor, or by failing to comply with the Avantor recruitment process, you forfeit any fee on the submitted candidates, regardless of your usual terms and conditions. Avantor works with a preferred supplier list and will take the initiative to engage with recruitment agencies based on its needs and will not be accepting any form of solicitation.

Avantor offers a comprehensive benefits package including medical, dental, and vision coverage, wellness programs, health savings and flexible spending accounts, a 401(k) plan with company match, and an employee stock purchase program. Employees also receive 11 paid holidays, accrue 18 PTO days annually, are eligible for volunteer time off and 6 weeks of 100% paid parental leave (except in states that offer paid family leave). These benefits may not apply to employees covered by a collective bargaining agreement or those subject to other eligibility rules.