Vanguard

Application Engineering Technical Lead – II

Vanguard

full-time

Posted on:

Location Type: Hybrid

Location: MalvernNorth CarolinaPennsylvaniaUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

AWSDNSEC2LinuxPythonVault

About the role

  • Serve as the technical owner for the CyberArk PAM platform (e.g., PVWA, PSM, CPM, CCP, REST APIs), setting technical direction, prioritizing work, and guiding a small squad of PAM engineers
  • Translate risk, compliance, and audit requirements into secure, reliable designs, standards, and runbooks; review and approve platform changes
  • Design, implement, and optimize platform policies, platforms, safes, rotations, and reconciliation; automate repeatable tasks using PowerShell (preferred) and Python (nice to have)
  • Build and maintain GitHub‑based CI/CD (Actions/workflows) to version, test, and deploy CyberArk configuration-as‑code and custom utilities; enforce branching and code‑review standards
  • Integrate PAM with AWS (with emphasis on EC2, Windows and Linux hosts): onboard privileged accounts and secrets, and harden session flows (PSM/PSMP)
  • Own incident response and problem management for PAM: lead major incident bridges, perform root cause analysis, and implement corrective/preventive actions
  • Define and track SLAs (e.g., vault availability, checkout/rotation success, PSM session health, onboarding cycle time); build dashboards and actionable alerts
  • Ensure adherence to internal SOPs and user procedures for PAM operation and access hygiene, Partner with Audit, Risk, and Security Engineering to evidence controls, complete assessments, and pass audits without exceptions
  • Collaborate with platform, app, and infrastructure owners to onboard use cases, plan releases, and communicate changes
  • Coach and upskill engineers in PAM concepts, secure automation, and operational excellence.

Requirements

  • 7+ years TL experience, including 3+ years leading technical delivery or a platform engineering squad
  • Expert troubleshooting across Windows and Linux, including credential flows, session brokering, networking, DNS/Kerberos/LDAP, and endpoint agents
  • PowerShell development: modules, robust error handling, logging/telemetry, parallelization, and secure secret handling
  • GitHub: Actions/workflows, environment protection rules, reusable workflows, code reviews, and artifact/version management
  • AWS: Practical experience with EC2 and OS‑level onboarding (Windows & Linux), SSM/Run Command/Session Manager, tagging/auto‑onboarding patterns, VPC/security group fundamentals
  • Strong understanding of CyberArk components (PVWA, CPM, PSM, EPM/Endpoint Privilege Management), policy design, platform plug‑ins, and API usage
  • Proven ability to write clear runbooks/SOPs, influence architecture decisions, and lead incident bridges.
Benefits
  • comprehensive health and wellness care
  • work-life balance
  • investment in your future
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
PowerShellPythonGitHub ActionsAWSCyberArkWindowsLinuxAPI usageincident responsetroubleshooting
Soft Skills
technical leadershipcoachingcommunicationcollaborationproblem managementinfluencedesign reviewrisk assessmentoperational excellenceroot cause analysis