“We are always looking to meet people who share our purpose and values. This posting aims to build connections with talent interested in future opportunities at Sandoz. While there may not be an immediate opening, we review applications regularly and will reach out when a role aligns with your profile”.
IAM Engineer
Sandoz continues to go through an exciting and transformative period as a global leader and pioneering provider of sustainable Biosimilar and Generic medicines. As we continue down this new and ambitious path, unique opportunities will present themselves, both professionally and personally. Join us, the future is ours to shape!
Job Purpose
As part of the Identity and Access Management global team, you will be onboarded in the Privileged Access Management team as a CyberArk Engineer. This role will focus on technical PAM implementation and processes improvement for IT and OT environments, configurations and architecture of the CyberArk Privileged Cloud, CCP, SIA, as well as other CyberArk components.
Major Accountabilities
- Operating global Privileged Access Management services (PAM) based on CyberArk Privilege Cloud, Alero, CCP, SIA/DPA, among others.
- Scripting development to streamline and automate onboarding processes for interactive and non-interactive accounts.
- Drawing up design and architecture documents for any integration related to CyberArk PAM (e.g.: URS, blueprints).
- Engagement in the elaboration of procedures such as disaster recovery, break-the glass or emergency procedures.
- CyberArk third-party systems integration, as SailPoint IDN, ServiceNow, SIEM…Usage of CyberArk API REST.
- Development of a reporting framework based on Power BI, which consumes consolidated information from both CyberArk and other external sources (Splunk, Sentinel), to report CyberArk usage, compliance, etc.
- Definition and development of privileged accounts Discovery procedure, using outside sources and CyberArk capabilities.
- Suggest industry PAM best practices to be included in design.
- Lead meetings for gathering requirements to onboard new accounts or systems with application owners.
- Non-OOTB accounts management through CPM plugins development and PSM connectors.
- Providing support to Delinea Server Suite team (aka Centrify), to manage Linux systems and accounts.
- Fulfilling requests for connecting new target systems, onboarding accounts, enable user mass enablement
- Engagement in relevant working groups with application owners to identify business needs and announce upcoming changes in alignment with the Privileged Access Management.
- Identifying and implementation PAM improvement measurements.
- Knowledge of CyberArk server patching, limitations or requirements to be considered in this activity.
- Ensuring compliance with relevant guidelines and policies
- Providing user trainings and support 3rd level incidents and requests. Manage troubleshooting that may require knowledge of Windows, Unix, AD, DB or other systems.
- Keeping existing documentation up to date
Ideal Background
Education
- University degree or equivalent experience in computer science, engineering or information technology or another relevant field
- CyberArk trainings and certifications
- Certification or accreditation in Information Security (CISM, CISA, CISSP, MS Azure, Active Directory, etc.) is a plus
Experience And Skills
- At least 5 years of experience in PAM domain; including more than 3 years of experience in CyberArk solution.
- Deep knowledge and expertise with CyberArk solutions, installation, configuration, and management within both IT and OT environments
- Solution design, architecture, and configuration knowledge of PAM and secret management use cases such as credential autorotation, check-out/ check-in, session management, monitoring, API based integrations, service account management, CCP, DPA, etc.
- Delinea Server Suite (aka Centrify) knowledge is a plus
- Excellent troubleshooting and problem-solving skills, with the ability to address complex security incidents and implement effective solutions.
- Demonstrated experience in CyberArk integrations
- Familiarity with regulatory requirements and best practices related to PAM, and experience in conducting security audits and ensuring compliance. Certifications in CISSP Or SSCP would be an advantage.
- Windows, Linux, Active Directory, Entra ID system knowledge to be able to troubleshoot accounts integration in PAM.
- Strong written and verbal communication skills, with the ability to effectively communicate technical concepts to both technical and nontechnical stakeholders.
- An entrepreneurial mindset driven by curiosity, continuous improvement, and interest in technical advancements and IAM / PAM trends
Why Sandoz?
Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, provided more than 900 million patient treatments across 100+ countries in 2024 and while we are proud of this achievement, we have an ambition to do more!With investments in new development capabilities, production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines, sustainably.Our momentum is powered by an open, collaborative culture driven by our talented and ambitious colleagues, who, in return for applying their skills experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is supported!
#Sandoz
