Business Title Application Engineering Technical Lead - II

The Vanguard Group · Charlotte, PA
18h · Hybrid

About The Position

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that leaders and crew across Vanguard drive faster, stronger, risk-informed decisions. Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape. Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

Privileged Access Management (CyberArk) — Technical Lead

Role Summary

We’re seeking a hands‑on Technical Lead to own and evolve our CyberArk‑based Privileged Access Management platform. You will provide day‑to‑day technical leadership, architect and deliver platform enhancements, drive automation (PowerShell first), and integrate PAM with AWS (EC2, Windows, Linux) workloads and CI/CD pipelines (GitHub). You’ll be the escalation point for complex incidents, mentor engineers, and ensure controls meet security, audit, and uptime expectations.

Requirements

  • 7+ years TL experience, including 3+ years leading technical delivery or a platform engineering squad.
  • Expert troubleshooting across Windows and Linux, including credential flows, session brokering, networking, DNS/Kerberos/LDAP, and endpoint agents.
  • PowerShell development: modules, robust error handling, logging/telemetry, parallelization, and secure secret handling.
  • GitHub: Actions/workflows, environment protection rules, reusable workflows, code reviews, and artifact/version management.
  • AWS: Practical experience with EC2 and OS‑level onboarding (Windows & Linux), SSM/Run Command/Session Manager, tagging/auto‑onboarding patterns, VPC/security group fundamentals.
  • Strong understanding of CyberArk components (PVWA, CPM, PSM, EPM/Endpoint Privilege Management), policy design, platform plug‑ins, and API usage.
  • Proven ability to write clear runbooks/SOPs, influence architecture decisions, and lead incident bridges.

Nice To Haves

  • Python for REST/API integrations, data shaping, and service utilities.
  • Experience with secrets management for apps/automation (e.g., Secrets Manager/API‑based retrieval).
  • IaC exposure (CloudFormation or Terraform) for PAM‑adjacent infrastructure.
  • Familiarity with logging/observability stacks (CloudWatch, Splunk) and SIEM integrations for PAM events.

Responsibilities

  • Serve as the technical owner for the CyberArk PAM platform (e.g., PVWA, PSM, CPM, CCP, REST APIs), setting technical direction, prioritizing work, and guiding a small squad of PAM engineers.
  • Translate risk, compliance, and audit requirements into secure, reliable designs, standards, and runbooks; review and approve platform changes.
  • Design, implement, and optimize platform policies, platforms, safes, rotations, and reconciliation; automate repeatable tasks using PowerShell (preferred) and Python (nice to have).
  • Build and maintain GitHub‑based CI/CD (Actions/workflows) to version, test, and deploy CyberArk configuration-as‑code and custom utilities; enforce branching and code‑review standards.
  • Integrate PAM with AWS (with emphasis on EC2, Windows and Linux hosts): onboard privileged accounts and secrets, and harden session flows (PSM/PSMP).
  • Champion JIT privileged access patterns for cloud and on‑prem, minimizing standing privilege while preserving operational velocity.
  • Own incident response and problem management for PAM: lead major incident bridges, perform root cause analysis, and implement corrective/preventive actions.
  • Define and track SLAs (e.g., vault availability, checkout/rotation success, PSM session health, onboarding cycle time); build dashboards and actionable alerts.
  • Ensure adherence to internal SOPs and user procedures for PAM operation and access hygiene; partner with Audit, Risk, and Security Engineering to evidence controls, complete assessments, and pass audits without exceptions.
  • Collaborate with platform, app, and infrastructure owners to onboard use cases, plan releases, and communicate changes.
  • Coach and upskill engineers in PAM concepts, secure automation, and operational excellence.

Benefits

  • comprehensive health and wellness care
  • work-life balance
  • an investment in your future


What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 5,001-10,000 employees
