Senior Security Engineer - IAM
Cotiviti · United States · 4 mo ago
RemoteRemoteEngineering$120k–$150k/yrFull-time
Responsibilities
- Administer day-to-day Delinea operations—tenant configuration, discovery, onboarding, policy management, upgrades/patching, backups, and health monitoring—to ensure availability and performance.
- Integrate Delinea with enterprise identity, endpoint, and security tooling (e.g., AD/Azure AD, SSO/MFA, SIEM, ITSM) and automate onboarding/rotation/workflows using APIs and scripting.
- Implement privileged access controls (least privilege, JIT/JEA, session controls, credential rotation) and produce audit-ready evidence aligned to internal standards and frameworks (e.g., SOX, PCI, ISO 27001).
- Support & Troubleshooting: Lead triage and resolution of PAM issues across agents, connectors, network paths, authentication flows, and platform services, performing root-cause analysis and preventive remediation.
- Create and maintain operational runbooks, architecture diagrams, and configuration standards while training administrators and stakeholders to ensure consistent, scalable PAM operations.
Qualifications
- Bachelor’s degree in technology discipline or equivalent professional experience.
- 5+ years of experience in Privileged Access Management or related security roles.
- Relevant Security certifications (e.g., CISSP, CISM, CIAM) preferred.
- Delinea Platform Expertise: Hands-on engineering with Delinea components such as Secret Server (vaulting/rotation/workflows), Privilege Manager (endpoint least-privilege), and related connectors/agents, including upgrades, migrations, and performance tuning.
- Enterprise Infrastructure & Platforms: Strong administration and integration experience across Windows Server/Workstations, Linux (e.g., RHEL/Ubuntu), Active Directory/GPO, and virtualization platforms to onboard and manage privileged accounts at scale.
- Security & Authentication Technologies: Deep understanding of authentication/authorization and identity protocols—Kerberos/NTLM, LDAP/LDAPS, SAML/OIDC, RADIUS/TACACS+, PKI/certificates, and MFA—used to secure PAM access paths and admin workflows.
- Scripting & Automation: Ability to automate PAM lifecycle tasks (discovery, onboarding, credential rotation, reporting) using PowerShell/Python and Delinea REST APIs, including error handling, logging, and idempotent execution.
- Networking & Infrastructure: Proficient in troubleshooting and designing network connectivity for PAM components (DNS, TLS, firewalls/ports, proxies, load balancers) to support secure agent communications and distributed services.
- DevOps & Cloud Technologies: Experience integrating PAM into CI/CD and cloud operations using tools like Git, pipelines, IaC (Terraform/ARM/CloudFormation), and cloud IAM services (Azure/AWS/GCP) to manage privileged access in modern delivery environments.
- Strong analytical, problem-solving, and attention-to-detail skills; works independently with minimal supervision.
- Excellent communication and collaboration skills with IT, security teams, and business units.