Location: Anywhere in Country

At EY, we’re all in to shape your future with confidence.

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.

In an ever-evolving IT landscape, EY stands as a beacon of trust for clients across diverse industries seeking reliable solutions to address their intricate risks and vulnerabilities. As a vital member of our Identity and Access Management (IAM) team, you will play a central role in achieving this objective by empowering clients to comprehend and navigate their complex Enterprise Identity environments. Your expertise will be instrumental in evaluating, enhancing, and devising innovative solutions, processes, and policies to cater to each client's unique IAM requirements. This is an opportunity to leverage both your technical prowess and business acumen to drive our mission and make a significant impact on global cybersecurity.

The Opportunity
We currently offer an exciting career opportunity for a Senior Consultant responsible for supporting the design, engineering, maintenance, and troubleshooting of a diverse range of privilege and secret management solutions across the IAM spectrum. Collaborating with esteemed and innovative professionals in the cybersecurity industry, you will have the opportunity to learn and apply cutting-edge tools and techniques to address some of the most relevant and pressing security challenges in the world.

At our core, our IAM services play a pivotal role in assisting our clients to align security management strategy with business goals. This involves managing access to resources and services, as well as enforcing business, privacy, and security policies. With the support of strategic alliances with third-party vendors, our experienced professionals offer a comprehensive suite of services, including strategy, assessment, testing, and implementation of IAM solutions.

Your Key Responsibilities

• Support the development of privilege and secret access management controls (Cyber Ark, Beyond Trust, Hashi Corp, and Delinea solutions).

• Assist in the design and implementation of privileged access and secret management solutions.

• Participate in requirement gathering and definition of use cases at the enterprise level for privilege and secret management.

• Configure and optimize discovery tools for privilege accounts, services, SSH keys, and tasks (Cyber Ark, Hashi Corp, Delinea, Beyond Trust), including auto-detection and auto-onboarding.

• Support onboarding target systems such as Windows, Linux, and Unix accounts, databases (Oracle, MS SQL, Redis cache), and integration of DevOps solutions (Ansible, Puppet, Jenkins, Kubernetes, OpenShift, GitHub, GitLab, Docker).

• Demonstrate knowledge of modern cloud vaults such as AWS Secret Manager and Azure Key Vault.

• Assist in defining and implementing vaulting, rotation, and heartbeat policies for human and non-human identities; enable SSH key and password rotation, check-out/check-in, dual control, and break-glass.

• Participate in the self-service design and implementation of privilege or secrets life cycle management using enterprise identity governance solutions (creation, management, certification, deletion).

• Contributes to the development and establishment of governance processes for non-human identity management.

• Support the development of policies for endpoint management solutions including Windows workstations, Mac OS, Linux, and Unix servers.

Skills and Attributes for Success

• Proven experience in integrating, deploying, and configuring PAM and Secret Management technologies, with a strong focus on Cyber Ark (vault, privilege cloud, secure, infrastructure, Endpoint Access Management, and Conjur) and familiarity with other IAM solutions like Saviynt, Sail Point, Entra.

• In-depth knowledge of privilege access management frameworks, and the ability to offer guidance on their integration into existing applications.

• Practical expertise in developing Cyber Ark technology tech stack, Hashi Corp Vault, Beyond Trust, and Delinea experience.

• Proficiency in implementing, managing, and maintaining enterprise-level privilege access management and secret management tools.

• Solid understanding of enterprise directory services such as Active Directory, Azure AD, and LDAP, as well as experience in implementing MFA and SSO solutions.

• Strong problem-solving and analytical skills, with the ability to translate business requirements into technical specifications and execute technical deliveries effectively.

• A track record of delivering high-quality client services and work products within expected timeframes.

• Excellent documentation skills, including the creation of procedures, process documentation, and user documentation related to IAM applications.

To Qualify for the Role, You Must Have

• A bachelor's degree in a related field and approximately 4–6 years of related work experience; or a graduate degree and approximately 2–4 years of related work experience.

• Experience with PAM architecture and development within Cyber Ark, Hashi Corp, or other PAM solutions.

• Hands-on experience with Cyber Ark Conjur and Hashi Corp Vault usage and functionality.

• A valid driver's license in the US and/or a valid passport; willingness and ability to travel.

Ideally, You’d Also Have

• Professional certifications in Identity & Access Management, such as CISSP, CISM, or specific vendor certifications like Cyber Ark CDE, Hashi Vault Certified Implementation Engineer.

• Familiarity with additional IAM technologies and tools, including Sail Point, Forge Rock, Ping Identity, RSA, etc.

• Knowledge of cloud-based IAM solutions and experience working with cloud platforms like AWS, Azure, or Google Cloud.

• Understanding of regulatory compliance frameworks and industry standards related to IAM, such as GDPR, HIPAA, NIST, or ISO 27001.

• Prior experience in providing PAM services to clients from various industries, demonstrating versatility and adaptability in addressing diverse IAM challenges.

• Strong interpersonal and communication skills, with the ability to collaborate effectively with clients and cross-functional teams to present solution designs, options, and innovations.

What We Look For
We’re interested in intellectually curious people with a genuine passion for cybersecurity. With your broad exposure across IAM, we’ll turn to you to speak up with innovative new ideas that could make a lasting difference not only to us – but also to the industry at large. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.

What we offer you
At EY, we’ll develop you with future-focused skills and equip you with world-class experiences. We’ll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more.

• We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $106,800 to $194,800. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $128,000 to $221,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.

• Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year.

• Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

Are you ready to shape your future with confidence? Apply today.
EY accepts applications for this position on an on-going basis.

For those living in California, please click here for additional information.

EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.

EY | Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.

EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at ssc.customersupport@ey.com.