Associate Principal, Security Engineering - PAM

Who We Are
About Us
The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization. Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions. As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System. OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms. More information about OCC is available at www.theocc.com.
What We Offer
A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:
A hybrid work environment, up to 2 days per week of remote work
Tuition Reimbursement to support your continued education
Student Loan Repayment Assistance
Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
Generous PTO and Parental leave
Competitive health benefits including medical, dental and vision
Summary
As a member of the Secrets and Privileged Access Management team you are responsible for applying skills and knowledge to perform functions for Privileged Access and Secrets Management solutions, Hardware security modules (HSMs), and encryption practices. You must ensure to take a security first approach when deploying or integrating Secrets Management, PKI, Sessions Management, or authentication integrations under the team's purview using agile methodology.
Primary Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

• Design, document, deploy, and support PAM solutions supporting vaulting, session management, hardcoded credential removal, and support integrations with PAM solution for secure secrets management supporting app-to-app communication.
• Design, document, develop, and support PAM integrations to support automated password rotations and establishing secure sessions through jump host solution.
• Design, document, implement, and maintain our Certificate Authority PKI infrastructure.
• Ensure certificates are correctly issued, renewed, and revoked as necessary.
• Implement and manage certificate templates and revocation configurations.
• Implement, configure, and maintain HSMs to support PKI operations.
• Work with vendors to ensure systems are patched and up to date.
• Address and troubleshoot issues related to PAM, PKI, and HSM solutions.
• Implement and manage encryption tools and software.
• Ensure team solutions are monitored following best practice.
• Proficient in using scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation.
• Track and execute work following agile best practices with self-motivation to bring a task from ideation to implementation.
• Ability to operate in a highly regulated complex operational environment and collaborate with internal SMEs required to maintain and mature the PAM program.
• Document, review, and update run books supporting Secrets and Privileged Access Management solutions.
• Develop and maintain encryption standards, practices, and solutions.
• Develop and maintain documentation related to PAM policies, procedures, and configurations.

Supervisory Responsibilities:

• NA

Qualifications:
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

• Experience with enterprise PAM tools and technologies such as various CyberArk and HashiVault components and underlying infrastructure supporting those technologies.
• Experience with various integration techniques for Secrets Management and Privileged Management to target systems such as databases, directories, and applications.
• Experience with Microsoft certificate authority PKI infrastructure.
• Experience with hardware security modules (HSMs).
• Experience with Python, Ansible, Terraform, and YAML packages.
• Requires in-depth knowledge of PAM and Secrets Management best practices.
• Requires in-depth knowledge of encryption algorithms, protocols, and best practices.
• Working knowledge of system monitoring techniques and tooling.
• Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines.
• 7+ years of experience with PAM tools and technologies.
• 3+ years of experience in PKI infrastructure including Microsoft Certificate Authority.
• Bachelor's degree in computer science, Information Technology, or related field.

Technical Skills:

• Hands on deployment, management, and troubleshooting experience with HSMs, MS PKI, HashiCorp Vault, and all CyberArk components (AIM, PSM/P, PVWA, CPM, VAULT).
• Hands on experience leveraging APIs.
• Knowledge of cryptographic operations, secure key storage, and key lifecycle management with HSM and encryption tools.
• Knowledge of end-to-end encryption, data at rest, and data in transit protection methodologies.
• Ability to interpret logs and events related to PKI, HSMs, encryption, and PAM activities.

Education and/or Experience:

• 7+ years of experience with security engineering activities and testing.
• 7+ years of experience with privileged access management platforms.
• 3+ years of experience with HSM, PKI, Microsoft Certificate Authority.
• 2+ years of experience with DevOps/DevSecOps (e.g., GitOps, Version Control, RESTful APIs)
• 2+ years of experience with cloud architecture and deployments.

Certificates or Licenses:

• CyberArk Defender, Sentry, or Guardian
• HashiCorp Certified: Terraform Associate
• HashiCorp Certified: Vault Associate
• Certification Information Systems Security Professional (CISSP)
• AWS Certified Security Specialty
• CompTIA Security+
• Microsoft Certified: Security Engineer Associate

Step 1
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.
Step 2
You will receive an email notification to confirm that we've received your application.
Step 3
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.
For more information about OCC , please click here .
OCC is an Equal Opportunity Employer