Job Requirements
Remote
Secret clearance; polygraph not specified
Senior Level Career (10+ yrs experience)
$100,000 - $120,000
Job Description
Want to work with incredibly dynamic teammates that come together to form an exceptionally top-notch team and work remotely? Come join GTOi today!
Secret Clearance required.
We are looking for a CyberArk / ICAM Application Onboarding Engineer to support the US Army Corps of Engineers (USACE) under the Revolutionary Information Technology Services (RITS)/CASTLENET contract.
NOTE: This is a 100% virtual / work from home / remote position; however, travel may be required (up to 10% as needed). This is a TEMPORARY position.
Why should you join the Government Services USACE team?
USACE has a diverse mission supporting vital services throughout the U.S. and operations worldwide. USACE is mostly known for its support of waterways (locks, levees, dams, canals), but it is also involved in a wide variety of support for the DoD and other civil engineering projects.
USACE offers a large network connecting over 1,500 locations, operates two data centers, and supports approximately 37,000 USACE customers working and building infrastructure throughout the world in support of the USACE mission. RITS provides an opportunity to deliver a revolutionary approach for IT services, move additional IT services to the cloud, and streamline end-user support and services while building and maintaining state-of-the-art solutions.
What will you be doing?
Remotely supporting USACE, the CyberArk / ICAM Application Onboarding Engineer will configure current and new applications for onboarding into CyberArk and related ICAM services. This role will partner with application owners, server/database/cloud teams, and security stakeholders to inventory privileged accounts, define onboarding requirements, configure CyberArk Safes, platforms, and session controls, test credential rotation, document integrations, and support transition to production.
Responsibilities:
• Coordinate with application owners to identify dependencies, credential use cases, account ownership, rotation limitations, service restart impacts, break-glass requirements, and application readiness.
• Configure and maintain CyberArk Safes, groups, permissions, platforms, policies, password/credential rotation, reconciliation, verification, and check-in/check-out workflows.
• Configure CyberArk components and integrations such as PVWA, CPM, PSM/PSMP, CyberArk AAM/CCP, and Conjur/Secrets Manager where applicable.
• Assist application teams through SDLC and change-management activities, including requirements gathering, onboarding design, build/configuration, testing, validation, cutover, and production support.
• Replace, reduce, or protect hard-coded, embedded, shared, and unmanaged privileged credentials using CyberArk-approved patterns and ICAM controls.
• Validate application functionality after onboarding, including password rotation, reconciliation, session brokering, application-to-application credential retrieval, audit logging, and rollback procedures.
• Develop and maintain onboarding checklists, runbooks, integration diagrams, Safe/platform standards, user guides, operational procedures, and evidence for ATO, SSP, audit, and compliance needs.
• Troubleshoot CyberArk onboarding and integration issues across Active Directory/LDAP, Windows/Linux servers, databases, web applications, cloud services, and network/security controls.
• Support privileged access lifecycle management, least privilege, segregation of duties, MFA/federation alignment, access reviews, governance, and recertification processes.
• Work with CyberArk, ICAM, security, application, server, database, and cloud teams to remediate technical gaps and ensure secure enterprise adoption.
• Monitor platform health and support day-to-day CyberArk/ICAM administration, incident response, break-fix, patching, and vendor escalation.
• Must be able to travel up to 10% of the time.
Requirements:
• Must have an active Secret Clearance.
• Bachelor's degree and 10 years of IT, cybersecurity, or IAM experience, or 14 years of experience in lieu of degree.
• Must have a current CASP+ or CISSP.
• Minimum 5 years of hands-on CyberArk PAM, CyberArk Privilege Cloud, or CyberArk Core Privileged Access Security experience, including application onboarding and configuration.
• Minimum 10 years of experience with Microsoft Active Directory and directory services, including privileged groups, service accounts, GPOs, LDAPS, Kerberos, and account lifecycle management.
• Experience configuring CyberArk Safes, platforms, CPM rotation/reconciliation, PVWA access, PSM/PSMP session management, and privileged account discovery.
• Experience integrating applications with CyberArk AAM/CCP, Credential Provider, REST APIs, Conjur/Secrets Manager, or equivalent secret-management patterns.
• Identity Management and Authentication/Authorization integration experience to include identity attribute management, credential management, access management, MFA, SAML, OAuth 2.0, OIDC, federation, and governance.
• Extensive experience in a secure government environment supporting business-critical, secure, and highly available systems.
• Some experience with Public Key Infrastructure (PKI), Certification Authorities, CRL, and OCSP is preferred.
• Experience with government security processes and documentation requirements such as FedRAMP, System Security Plans (SSPs), Authority to Operate (ATO), audit evidence, and DoD compliance is preferred.
• Ability to create, explain, and maintain technical documentation, configuration records, onboarding decisions, operational procedures, risks, issues, and remediation plans.
• Strong analytical, troubleshooting, follow-through, written, and verbal communication skills, with the ability to present technical ideas in business-friendly and user-friendly language.
• Ability to coordinate with multiple IT, application, security, and vendor teams, work independently on defined tasks, and work well as part of a distributed team.
Desired Skills/Knowledge:
• CyberArk Defender, Sentry, CDE, CPC, or equivalent CyberArk certification.
• PowerShell, Python, REST API, or scripting experience for account discovery, onboarding automation, reporting, and operational support.
• Experience with ServiceNow, Jira, change control, CMDB/application inventory, and ticket-driven onboarding workflows.
• Experience with Windows/Linux administration, database/service account management, cloud IAM, and privileged session recording/monitoring.
• Experience producing onboarding intake forms, test scripts, implementation plans, SOPs, knowledge articles, user guides, and training materials.
• Familiarity with SailPoint, Okta, Ping, ADFS, MIM, SecureAuth, or other ICAM tools as they interact with privileged access workflows.
Grimmer Technology and Operations, Inc. (GTOi) is a Small Business Administration 8(a), service-disabled veteran, and woman-owned small business committed to integrating new technologies and transforming initiatives into real-world capabilities for the Department of Defense while providing quality careers for Veterans and all GTOi associates.