The Role
You will advance and scale Moderna's Privileged Access Management (PAM) program with a strong emphasis on CyberArk's SaaS solutions. Your main responsibilities will center on CyberArk Endpoint Privilege Manager (EPM) for Windows, Linux (various flavors), and macOS environments. You will design and implement policies that enforce least privilege, manage privilege elevation, enable application control, and protect against credential theft. In addition, you will oversee and enhance the operation of Privilege Cloud and its SaaS capabilities, including Discovery, Secure Infrastructure Access, Workforce Password Management, and Secrets Hub. While the intended focus of this role is on EPM, you will also be expected to work on Moderna's other CyberArk products as needed. Not all CyberArk offerings will have the same emphasis, but the core expected skillset will be with EPM and PAM (pCloud or SIA).
You will drive automation wherever feasible, integrate PAM processes with AWS & Azure services, and establish clear, outcome-based metrics to measure success. While experience with on-premises PAM solutions is a plus, hands-on expertise with CyberArk's SaaS offerings is especially important for this role. Success in this position means delivering precise technical solutions, achieving measurable risk reduction, and maintaining thorough documentation and clear communication with both engineering and business stakeholders.
Here's What You'll Do
Develop, tune, and oversee EPM policies, including least privilege access, elevation rules, application control, and credential theft protection, for Windows and macOS endpoints. Collaborate with various IT and Security teams to ensure effective management of EPM strategies.
Plan and drive EPM agent rollout, versioning, and health monitoring; define KPIs (e.g., % endpoints least-privileged, elevation blocks, help-desk friction).
Collaborate with different business and application teams to identify EPM policies that can be implemented within an established timeframe. This process may include input from business, laboratory/manufacturing, IT stakeholders, and subject matter experts.
Operate & enhance Privilege Cloud: manage connectors and high availability, platform configuration, upgrades, and access workflows with minimal downtime.
Implement CyberArk's discovery service to expand account/secret coverage; schedule scans, deduplicate results, and manage onboarding of accounts (including interviews and data collection) using a logical design framework.
Deploy, operate, and support Workforce Password Management (WPM) to provide secure storage and sharing of workforce and business credentials and enable integration with privileged cloud systems and other relevant tools as needed.
Adopt Secure Infrastructure Access (SIA) for privileged sessions; determine PSM vs. SIA usage; manage connectors and access policies.
Evaluate solutions for CI/CD, containers, and machine identities; perform application integration assessments and provide practical guidance (e.g., GitHub Actions/Azure DevOps); build automation and reporting (preferred, not required) using REST/JSON APIs, PowerShell/Python, or IaC tools (e.g., Terraform) to reduce manual work.
Collaborate with business units and engineering teams (Endpoint, Cloud/Platform, App, SecOps, Governance) to articulate requirements and translate them into designs, runbooks, and clear documentation/training; ensure PAM standards and policies are followed.
Develop and maintain architecture/standards, implementation designs, end-user documentation, and training materials.
Maintain audit-ready evidence; plan and participate in disaster recovery, capacity planning, performance monitoring, and maintenance to ensure high availability; support incident response for privilege-related events.
Analyze the PAM environment and drive continuous improvement with clear outcomes (e.g., reduce local admin rights from X% to Y%, raise Discovery coverage to N%, route Z% of privileged sessions via SIA, keep break-glass MTTR < X minutes).
Create, regularly review, and enhance PAM policies, standards, and procedures to meet security and compliance requirements.
Stay current with industry trends and emerging technologies to keep the IAM strategy effective and up to date.
Provide 24/7 support as needed for emergency situations and planned maintenance activities.
Here's What You'll Need (Basic Qualifications)
Bachelor's degree in a technical discipline or commensurate practical experience.
6 years in technology with 3 years in the general field of identity & access management (PAM experience qualifies); 2 years operating CyberArk Privilege Cloud in production (connectors, HA/upgrades, change control).
3 years hands-on direct experience with Endpoint Privilege Manager (EPM): least-privilege policy design, elevation rules, application control, credential-theft protections for Windows/macOS.
Hands-on experience with DevOps and Agile methodologies, including implementation and administration of CyberArk's secret management technologies such as Credential Provider, Secrets Hub, and Conjur (Cloud or Enterprise).
Practical use of SaaS Discovery for accounts/secrets and streamlined onboarding flows.
Solid fundamentals across Windows, Linux, and macOS administration and cloud (AWS/Azure) integrations relevant to PAM.
Here's What You'll Bring to the Table (Preferred Qualifications)
Clear, concise written and verbal communication for designs, runbooks, and stakeholder updates.
Demonstrated expertise in Privileged Access Management principles, best practices, and technologies, including JIT access, least-privilege, and dynamic privilege models; comprehensive familiarity with an expanded suite of CyberArk tools such as Discovery, SIA (with an understanding of when to use PSM versus SIA), WPM, and Secrets Hub.
Possession of relevant industry certifications (e.g., CISSP, CISM, CISA).
CyberArk certifications (Defender, Sentry, Guardian).
Advanced knowledge of DevOps pipelines and CI/CD solutions with proven experience in API integration (REST/JSON), web service connectivity, scripting (PowerShell, Python), and Infrastructure as Code (Terraform) for onboarding, rotation, policy management, and reporting.
Thorough understanding of Windows, Unix, and macOS operating systems; system administration experience is a plus.
Proactive self-starter with exceptional analytical and problem-solving capabilities, adept at working independently and collaboratively within teams, managing multiple simultaneous projects, and consistently meeting established deadlines.
Superior communication and interpersonal abilities, including clear technical documentation and effective presentation skills.
Extensive understanding of information security and security architecture frameworks with a strong grasp of security risks and mitigation strategies. Capable of effectively communicating risk and remediation approaches to both technical and non-technical audiences, producing audit-ready evidence, supporting HA/DR initiatives, and expertise in identifying security risks, implementing mitigating controls, and articulating risk across all business levels, from leadership to operations and development teams.
Solid background in virtualization and cloud computing, particularly AWS infrastructure and architecture; familiarity with additional cloud platforms such as Azure or GCP is advantageous.
Experience working within GxP regulated environments and adhering to applicable compliance requirements.
Commitment to fostering continuous improvement and delivering service excellence.
A desire to make an impact as part of a high-growth, transformational company that is Bold, Relentless, Curious, and Collaborative.
Pay & Benefits
At Moderna, we believe that when you feel your best, you can do your best work. That's why our US benefits and global well-being resources are designed to support you at work, at home, and everywhere in between.
Best-in-class healthcare coverage plus voluntary benefit programs to support your unique needs
A holistic approach to well-being with access to fitness, mindfulness, and mental health support
Family planning benefits, including fertility, adoption, and surrogacy support
Generous paid time off, including vacation, volunteer days, sabbatical, global recharge days, and a discretionary year-end shutdown
Savings and investment opportunities to help you plan for the future
Location-specific perks and extras
The successful candidate may be eligible for an annual discretionary bonus, other incentive compensation, or equity award, subject to company plan eligibility criteria and individual performance.
About Moderna
Since our founding in 2010, we have aspired to build the leading mRNA technology platform, the infrastructure to reimagine how medicines are created and delivered, and a world-class team. We believe in giving our people a platform to change medicine and an opportunity to change the world.
By living our mission, values, and mindsets every day, our people are the driving force behind our scientific progress and our culture. Together, we are creating a culture of belonging and building an organization that cares deeply for our patients, our employees, the environment, and our communities.
We are proud to have been recognized as a Science Magazine Top Biopharma Employer, a Fast Company Best Workplace for Innovators, and a Great Place to Work in the U.S.
If you want to make a difference and join a team that is changing the future of medicine, we invite you to visit to learn more about our current opportunities.
Our Working Model
As we build our company, we have always believed an in-person culture is critical to our success. Moderna champions the significant benefits of in-office collaboration by embracing a 70/30 work model. This 70% in-office structure helps to foster a culture rich in innovation, teamwork, and direct mentorship. Join us in shaping a world where every interaction is an opportunity to learn, contribute, and make a meaningful impact.
Moderna is a smoke-free, alcohol-free, and drug-free work environment.
Equal Opportunities
Moderna is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a person's race, color, sex, gender identity or expression, age, religion, national origin, ancestry or citizenship, ethnicity, disability, military or protected veteran status, genetic information, sexual orientation, marital or familial status, or any other personal characteristic protected under applicable is a place where everyone can grow. If you meet the Basic Qualifications for the role and you would be excited to contribute to our mission every day, please apply!
Moderna is an E-Verify Employer in the United States. We consider qualified applicants regardless of criminal histories, consistent with legal requirements.
Accommodations
We're focused on attracting, retaining, developing, and advancing our employees. By cultivating a workplace that values diverse experiences, backgrounds, and ideas, we create an environment where every employee can contribute their best.
Moderna is committed to offering reasonable accommodations to qualified job applicants with disabilities. Any applicant requiring an accommodation in connection with the hiring process and/or to perform the essential functions of the position for which the applicant has applied should contact the Accommodations team at .
Export Control Notice
This position may involve access to technology or data that is subject to U.S. export control laws, including the Export Administration Regulations (EAR). As such, employment is contingent upon the applicant's ability to access export-controlled information in accordance with U.S. law. Due to the nature of the work and regulatory requirements, only individuals who qualify as U.S. persons (citizens, permanent residents, asylees, or refugees) are eligible for this position. For this role, Moderna is unable to sponsor non-U.S. persons to apply for an export control license.
Required Experience:
Senior IC