PAM Senior Engineer

The Role

You will advance and scale Moderna’s Privileged Access Management (PAM) program with a strong emphasis on Cyber Ark’s SaaS solutions. Your main responsibilities will center on Cyber Ark Endpoint Privilege Manager (EPM) for Windows, Linux (various flavors), and macOS environments. You will design and implement policies that enforce least privilege, manage privilege elevation, enable application control, and protect against credential theft.

In addition, you will oversee and enhance the operation of Privilege Cloud and its SaaS capabilities, including Discovery, Secure Infrastructure Access, Workforce Password Management, and Secrets Hub. While the intended focus of this role is on EPM, you will also be expected to work on Moderna’s other Cyber Ark products as needed. Not all Cyber Ark offerings will have the same emphasis, but the core expected skillset will be with EPM and PAM (pCloud or SIA).

You will drive automation wherever feasible, integrate PAM processes with AWS & Azure services, and establish clear, outcome‑based metrics to measure success. While experience with on‑premises PAM solutions is a plus, hands‑on expertise with Cyber Ark’s SaaS offerings is especially important for this role. Success in this position means delivering precise technical solutions, achieving measurable risk reduction, and maintaining thorough documentation and clear communication with both engineering and business stakeholders.

• Develop, tune, and oversee EPM policies—including least privilege access, elevation rules, application control, and credential theft protection—for Windows and macOS endpoints. Collaborate with various IT and Security teams to ensure effective management of EPM strategies.
• Plan and drive EPM agent rollout, versioning, and health monitoring; define KPIs (e.g., % endpoints least‑privileged, elevation blocks, help‑desk friction).
• Collaborate with different business and application teams to identify EPM policies that can be implemented within an established timeframe. This process may include input from business, laboratory/manufacturing, IT stakeholders, and subject matter experts.
• Operate & enhance Privilege Cloud: manage connectors and high availability, platform configuration, upgrades, and access workflows with minimal downtime.
• Implement Cyber Ark’s discovery service to expand account/secret coverage; schedule scans, deduplicate results, and manage onboarding of accounts (including interviews and data collection) using a logical design framework.
• Deploy, operate, and support Workforce Password Management (WPM) to provide secure storage and sharing of workforce and business credentials, and enable integration with privileged cloud systems and other relevant tools as needed.
• Adopt Secure Infrastructure Access (SIA) for privileged sessions; determine PSM vs. SIA usage; manage connectors and access policies.
• Evaluate solutions for CI/CD, containers, and machine identities; perform application integration assessments and provide practical guidance (e.g., Git Hub Actions/Azure Dev Ops); build automation and reporting (preferred, not required) using REST/JSON APIs, Power Shell/Python, or IaC tools (e.g., Terraform) to reduce manual work.
• Collaborate with business units and engineering teams (Endpoint, Cloud/Platform, App, Sec Ops, Governance) to articulate requirements and translate them into designs, runbooks, and clear documentation/training; ensure PAM standards and policies are followed.
• Develop and maintain architecture/standards, implementation designs, end‑user documentation, and training materials.
• Maintain audit‑ready evidence; plan and participate in disaster recovery, capacity planning, performance monitoring, and maintenance to ensure high availability; support incident response for privilege‑related events.
• Analyze the PAM environment and drive continuous improvement with clear outcomes (e.g., reduce local admin rights from X%→Y%, raise Discovery coverage to N%, route Z% of privileged sessions via SIA, keep break‑glass MTTR < X minutes).
• Create, regularly review, and enhance PAM policies, standards, and procedures to meet security and compliance requirements.
• S…