Expert IT Product Specialist - Privileged Access Management

Requisition ID # 147250 

Job Category: Information Technology 

Job Level: Individual Contributor

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Auburn

Department Overview

The Cybersecurity Services department serves as the centralized cybersecurity technology infrastructure operating arm of Cybersecurity and undertakes a variety of activities focused on securing PG&E’s network, systems, and data. The Cybersecurity Services is primarily tasked with operating and maintaining PG&E’s privileged access and security technology infrastructure to ensure the safe and reliable operation of PG&E’s cyber security tools and systems within an enterprise-wide setting while ensuring that the deployment of tools as well as their scope is appropriately managed. The Cybersecurity Services department supports projects during the project/software life cycle for PG&E’s standard security solutions to ensure that operation requirements are met. PG&E's Cybersecurity Services, Identity and Access Management Team supports technologies that provide identity life cycle, authentication, and role-based access to our systems.

Position Summary

We are seeking an Expert IT Security Product Specialist in PG&E’s Identity and Access Management team. The role of this position is to provide support for our privileged access and password management tool, and related privileged access management technologies. The successful candidate will provide project consultation, solution deliverables, product documentation, and support on technology product lines, and/or technology service offerings managed by Cybersecurity. The successful candidate will maintain vendor relationships to ensure technical performance requirements, for both new and legacy systems, are met and will be responsible for the product’s existing maintenance contracts and/or license compliance, partnering with projects on requests for new product contracts and licenses.

This position is hybrid, working from your remote office and your assigned work location based on business need. The assigned work location will be within the PG&E Service Territory.

PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity.

A reasonable salary range is:

Bay Area Minimum: $126,000

Bay Area Maximum: $200,000

&/OR

California Minimum: $120,000

California Maximum: $190,000

Job Responsibilities

• Product Management & Operations: Administration and support of Beyond Trust Password Safe in either a primary or secondary capacity depending on the product and the experience level of the successful candidate.
• IT Product Analysis: Collaborate and confer with the accountable planning organization to develop the technical and business strategic vision and how it applies to the targeted products or services. Understand the product positioning, key benefits, and target users. Gather and analyze changing business and user requirements. In partnership with the planning organization, research new market technologies and make recommendations based on the Company’s future business needs and processes.
• Product Lifecycle: Manage the continuous product lifecycle from research, planning and implementation to retirement, including cost management. Introduce new innovative solutions, create support structure, and integrate product with company standards. Involved in the implementation, including installation, testing, communicating, and documenting of the product. Advocates and communicates key messages and strategies, promotes the product, educates, and trains support staff.
• Solution Design: Interface with internal IT stakeholders to understand and analyze a project’s business and technical requirements. Have the ability to translate requirements into a detailed solution design leveraging the targeted IT products or services for teams to be able to properly deploy and implement. Be familiar with IT planning methodologies. Be able to provide accurate project timelines, labor cost estimates and equipment cost estimates to the project. Have the ability to manage multiple assigned projects.
• Capacity Planning: Manage the enterprise-wide technical capacity for the targeted IT products or services. Work with projects to determine the best use of existing capacity for resource allocation. Partner with key stakeholders to determine and understand future capacity requirements. Analyze areas of opportunities to optimize costs of IT products or services. Engage with the product’s vendor to manage the process to request additional units including working with projects needing new product contracts and licenses. Perform contract management and be responsible for understanding and complying with the product’s existing maintenance contracts and/or licenses.
• Provide operational support and work Incidents, Work Orders and Change Control (BMC Remedy)
• Participate in an On-Call rotation (24x7)
• Support: Work closely with IT professionals to troubleshoot and resolve issues. Drive conventions and standards (such as usage or configuration) across products to maximize user experience. In the absence of a third-tier support specialist, perform the role of third-tier support to other IT professionals.
• Vendor Technical Liaison: Participate in business, technical, and contract negotiations with vendors. Act as a conduit for vendor relationship, licensing, and incident management. Be an advocate for business unit and IT operational clients to ensure business requirements are cost effective and needs are met. Provide budget support to IT professionals and stakeholders.
• Documentation: Develops a variety of documentation such as strategies, plans, designs, usage or configuration standards, policies, guidelines, user requirements, roadmaps, reports, metrics, process manuals, configuration manuals, and other documentation specific and necessary for the targeted product or service.

Qualifications

Minimum:

• Bachelor’s degree in computer science, Engineering, or equivalent work experience
• 8 Years experience in Cyber Security or Information Technology
• 3 years focus in Privileged Access Management

Desired:

• Master’s degree in computer science, or Information Security or similar field; or equivalent experience
• Demonstrated experience with Identity and Access Management technologies
• Demonstrated experience with managing, maintaining, and supporting a Privileged Access Management tool at an enterprise level
• Experience with Provisioning and password safe tools such as Beyond Trust Password safe, Powerbroker for Windows.
• Experience with Privileged Access Management Processes including on-boarding, account management, password rotation, password safe policies, and account brokering for Windows policies.
• Strong knowledge of Windows servers and workstations
• Strong knowledge of Windows workstations
• Familiarity with SSH key management
• Strong knowledge of Active Directory and other LDAP directories
• Experience with Multi-factor authentication such as RSA SecurID
• Understanding of Public Key Infrastructure (PKI)
• Understanding of role-based access controls (RBAC)
• Ability to reverse engineer technology & configuration for troubleshooting.

Knowledge, Skills, and Abilities:

• Strong written and good oral communication, ability to document diagrams and business cases, and collaboration skills.
• Demonstrated ability to work both as an individual contributor and in a team environment
• Proven customer facing skills and the ability to effectively communicate at both a high-level and a technical level
• Security minded and ability to handle evidence containing sensitive information
• Strong understanding of information security fundamentals, concepts, and strategy
• Understanding of modern role-based access and delegation security models 
• Understanding of risk assessment and analysis
• Understanding of SOX and/or other compliance framework requirements and evidence gathering
• Excellent written and verbal communications skills
• Demonstrated technical knowledge of and direct experience working with the following technologies:
  • Password Vaulting
  • Windows Servers
  • Windows Workstations
  • Active Directory
  • Group Policy Management
  • Heterogenous Authentication