PAM Senior Engineer jobs in United States

Moderna · 2 days ago

PAM Senior Engineer

Moderna is a leading company in mRNA technology, focused on innovative medicine solutions. The PAM Senior Engineer will advance and scale the Privileged Access Management program, primarily working with CyberArk’s SaaS solutions, and will be responsible for designing and implementing policies to enforce least privilege and manage privilege elevation.

Biotechnology, Genetics, Health Care, Medical, Pharmaceutical, Therapeutics
Comp. & Benefits
No H1B · U.S. Citizen Only

Responsibilities

Develop, tune, and oversee EPM policies—including least privilege access, elevation rules, application control, and credential theft protection—for Windows and macOS endpoints. Collaborate with various IT and Security teams to ensure effective management of EPM strategies
Plan and drive EPM agent rollout, versioning, and health monitoring; define KPIs (e.g., % endpoints least-privileged, elevation blocks, help-desk friction)
Collaborate with different business and application teams to identify EPM policies that can be implemented within an established timeframe. This process may include input from business, laboratory/manufacturing, IT stakeholders, and subject matter experts
Operate & enhance Privilege Cloud: manage connectors and high availability, platform configuration, upgrades, and access workflows with minimal downtime
Implement CyberArk’s discovery service to expand account/secret coverage; schedule scans, deduplicate results, and manage onboarding of accounts (including interviews and data collection) using a logical design framework
Deploy, operate, and support Workforce Password Management (WPM) to provide secure storage and sharing of workforce and business credentials, and enable integration with privileged cloud systems and other relevant tools as needed
Adopt Secure Infrastructure Access (SIA) for privileged sessions; determine PSM vs. SIA usage; manage connectors and access policies
Evaluate solutions for CI/CD, containers, and machine identities; perform application integration assessments and provide practical guidance (e.g., GitHub Actions/Azure DevOps); build automation and reporting (preferred, not required) using REST/JSON APIs, PowerShell/Python, or IaC tools (e.g., Terraform) to reduce manual work
Collaborate with business units and engineering teams (Endpoint, Cloud/Platform, App, SecOps, Governance) to articulate requirements and translate them into designs, runbooks, and clear documentation/training; ensure PAM standards and policies are followed
Develop and maintain architecture/standards, implementation designs, end-user documentation, and training materials
Maintain audit-ready evidence; plan and participate in disaster recovery, capacity planning, performance monitoring, and maintenance to ensure high availability; support incident response for privilege-related events
Analyze the PAM environment and drive continuous improvement with clear outcomes (e.g., reduce local admin rights from X%→Y%, raise Discovery coverage to N%, route Z% of privileged sessions via SIA, keep break-glass MTTR
Create, regularly review, and enhance PAM policies, standards, and procedures to meet security and compliance requirements
Stay current with industry trends and emerging technologies to keep the IAM strategy effective and up to date
Provide 24×7 support as needed for emergency situations and planned maintenance activities

Qualification

CyberArk, Endpoint Privilege Manager, Privileged Access Management, AWS, Azure, DevOps, SaaS, PowerShell, Python, Terraform, Linux, macOS, Windows, CISSP, CISM, CISA

Required

Bachelor's degree in a technical discipline or commensurate practical experience
6+ years in technology with 3+ years in the general field of identity & access management (PAM experience qualifies); 2+ years operating CyberArk Privilege Cloud in production (connectors, HA/upgrades, change control)
3+ years hands-on, direct experience with Endpoint Privilege Manager (EPM): least-privilege policy design, elevation rules, application control, credential-theft protections for Windows/macOS
Hands-on experience with DevOps and Agile methodologies, including implementation and administration of CyberArk's secret management technologies such as Credential Provider, Secrets Hub and Conjur (Cloud or Enterprise)
Practical use of SaaS Discovery for accounts/secrets and streamlined onboarding flows
Solid fundamentals across Windows, Linux, and macOS administration and cloud (AWS/Azure) integrations relevant to PAM

Preferred

Clear, concise written and verbal communication for designs, runbooks, and stakeholder updates
Demonstrated expertise in Privileged Access Management principles, best practices, and technologies, including JIT access, least-privilege, and dynamic privilege models; comprehensive familiarity with an expanded suite of CyberArk tools such as Discovery, SIA (with an understanding of when to use PSM versus SIA), WPM, and Secrets Hub
Possession of relevant industry certifications (e.g., CISSP, CISM, CISA)
CyberArk certifications (Defender, Sentry, Guardian)
Advanced knowledge of DevOps pipelines and CI/CD solutions, with proven experience in API integration (REST/JSON), web service connectivity, scripting (PowerShell, Python), and Infrastructure as Code (Terraform) for onboarding, rotation, policy management, and reporting
Thorough understanding of Windows, Unix, and macOS operating systems; system administration experience is a plus
Proactive self-starter with exceptional analytical and problem-solving capabilities, adept at working independently and collaboratively within teams, managing multiple simultaneous projects, and consistently meeting established deadlines
Superior communication and interpersonal abilities, including clear technical documentation and effective presentation skills
Extensive understanding of information security and security architecture frameworks, with a strong grasp of security risks and mitigation strategies. Capable of effectively communicating risk and remediation approaches to both technical and non-technical audiences, producing audit-ready evidence, supporting HA/DR initiatives, and expertise in identifying security risks, implementing mitigating controls, and articulating risk across all business levels—from leadership to operations and development teams
Solid background in virtualization and cloud computing, particularly AWS infrastructure and architecture; familiarity with additional cloud platforms such as Azure or GCP is advantageous
Experience working within GxP regulated environments and adhering to applicable compliance requirements
Commitment to fostering continuous improvement and delivering service excellence
A desire to make an impact as part of a high-growth, transformational company that is Bold, Relentless, Curious, and Collaborative

Benefits

Best-in-class healthcare coverage, plus voluntary benefit programs to support your unique needs
A holistic approach to well-being, with access to fitness, mindfulness, and mental health support
Family planning benefits, including fertility, adoption, and surrogacy support
Generous paid time off, including vacation, volunteer days, sabbatical, global recharge days, and a discretionary year-end shutdown
Savings and investment opportunities to help you plan for the future
Location-specific perks and extras

Company

Moderna Therapeutics is a biotechnology company that specializes in vaccines and drug development.

Funding

Current Stage
Public Company
Total Funding
$4.56B
Key Investors
Coalition for Epidemic Preparedness Innovations, Ares Management, U.S. Department of Health & Human Services
2025-12-18 · Grant · $54.3M
2025-11-20 · Post-IPO Debt · $600M
2024-07-02 · Grant · $176M

Leadership Team

Stephane Bancel
Founding CEO
Kenneth Chien
Co-Founder
Company data provided by Crunchbase