Our Ability Jobs

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

Job Description

U.S. Bancorp is seeking a Privileged Identity and Access Management (IAM) CyberArk Operations Engineer. This is a critical role requiring a highly dedicated individual to mature the lifecycle of privileged accounts management. This role requires a highly motivated engineer, focused on high risk security mindset, operational resiliency, and service excellence to ensure the privileged accounts within PAM solution and the solution itself is stable and maintained to the highest levels of availability for our enterprise customers. This requires a dynamic individual with excellent communications skills, a collaborative mentality, a high level of attention to detail, and a drive to maintain and improve enterprise privileged access controls. 　

The role offers a hybrid/flexible schedule, which means there’s an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days at one of the following locations:

• Minneapolis, MN

• Cincinnati, Ohio

• Charlotte, NC

• Irving, T

The CyberArk Operations Engineer will be responsible for the day-to-day privileged accounts management, maintenance, and support of the CyberArk Privileged Access Management (PAM) environment. This role involves configuring, monitoring, troubleshooting, and optimizing CyberArk components to ensure secure and efficient privileged account management. The engineer will work closely with cross-functional teams, including IT, security, and compliance, to support identity and access management initiatives, ensuring adherence to security policies and best practices.

Requirements:

4 years or more enterprise security experience that included implementing and maintaining CyberArk password vault solution, components, technology plug-in, features, and services across a complex and global enterprise environment specifically Enterprise Password Vault (Privileged Accounts at OS and DB levels), Privileged Session Manager-PSM (Control and monitor privileged accesses), Discovery and Analysis tool.

• Experience with troubleshooting privileged accounts password rotation failures on UNIX/Linux, Database (Oracle, SQL), Directory (Active Directory, LDAP), Mainframe, and Cloud platforms.

• Knowledge of UNIX/Linux operating systems, including user authentication and access, SSH keys, sudoers files, etc.

• Experience in developing automation scripts (PowerShell, Python) for operational tasks (such as modifying account properties, initiating CPM operations, etc. in CyberArk) using REST API.

• Strong proficiency in written and verbal communication to describe highly technical information in an understandable level to any audience.

• Experience developing and maintaining metric based reports and KPIs to provide visibility on scope, coverage, identify gaps and enhancement opportunities for the IAM solutions or tool platforms.

• Proven experience in translating Enterprise security standards and policies into effective CyberArk solution configurations and governance processes.

• Demonstrated proficiency in creating and managing Platforms, Policies and Safes within the CyberArk solution.

• Exceptional troubleshooting / supporting expertise with a root cause analysis mindset with a drive to eliminate repetitive or reoccurring performance issues.

• Experience designing, developing, building, and implementing process workflows, forms, rules, password policies, Lifecycle Events, Reports and Access Certifications

• Perform functional and technical requirements gathering and analysis for an enterprise-wide Identity & Access Management program.

• Strong documentation skills to provide validation of use cases, system functionality, and user acceptance testing.

• Experience working with agile frameworks: work along side product manager, sprint ceremonies, regular standups.

• Demonstrated ability to mentor junior engineers for knowledge transfer and to increase core engineering proficiencies.

• Willingness to learn and commitment to follow all policies and procedures in a technically diverse global enterprise IT organization.

Desired Skillset:

• Working knowledge of REST and/or SOAP APIs

• PowerShell, Python or other scripting language

• PACLI, Password Upload Utility, DNA, and Export Vault Data CyberArk utilities

• Custom terminal-based and web-based CPM plugin creation

• Custom PSM web-based Connection Component creation

• Integrating applications with CyberArk Credential Manager products to enable automatic password rotations and retrievals

• Proficient in Excel (functions, custom filtering, macros, etc.) as well as other Microsoft Office applications (PowerPoint, Word)

• Ability to use regular expressions for advanced filtering, searching, and text editing tasks

Primary job responsibilities include:

• Responsible for Privileged User account administration for various platforms including UNIX, Windows, Databases, Mainframe, Cloud

• Create and modify Account Platforms to ensure privileged accounts are being managed appropriately to meet security and compliance requirements.

• Perform root cause analysis for issues and implement preventive measures to mitigate future risks.

• Create custom reports, spreadsheets, and PowerPoints to regularly track metrics and KPIs

• Ensure CyberArk solutions comply with security policies, regulatory requirements, and industry best practices.

• Provide training and support to IT and security teams on CyberArk best practices and usage: Creating procedural documentation and help educate vault users and supporting IAM Teams with knowledge transfer

• Assist in developing runbooks for incident response and disaster recovery related to privileged access management.

• Respond to and resolve incidents related to privileged access, CyberArk operations, and security breaches promptly.

Maintaining and supporting CyberArk solution, including:

• Enterprise Password Vault (EPV), Central Policy Manager (CPM), Password Vault Web Access (PVWA) , Privileged Session Manager (PSM), Privileged Session Manager Proxy (PSMP), Configuration of the Application Identity Manager (AIM), EPM

• Creating, managing and testing CPM and PSM plugins

• Performing health check monitoring on all CyberArk servers: Monitor and troubleshoot CyberArk systems and related processes to ensure continuous availability and optimal performance.

• Provide on-call support on a rotation basis.

• Apply patches, upgrades, and perform system health checks on the CyberArk environment.

• Conduct periodic audits of privileged accounts and associated controls, providing reports and recommendations for improvements.

• Collaborate with auditors and compliance teams to demonstrate the effectiveness of the CyberArk environment during assessments.

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants (https://careers.usbank.com/global/en/disability-accommodations-for-applicants) .

Benefits:

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

• Healthcare (medical, dental, vision)

• Basic term and optional term life insurance

• Short-term and long-term disability

• Pregnancy disability and parental leave

• 401(k) and employer-funded retirement plan

• Paid vacation (from two to five weeks depending on salary grade and tenure)

• Up to 11 paid holiday opportunities

• Adoption assistance

• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

EEO is the Law

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors. Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS (https://eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf) EEO poster.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program (https://careers.usbank.com/verification-of-eligibility-for-employment) .

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $102,340.00 - $120,400.00 - $132,440.00

U.S. Bank will consider qualified applicants with arrest or conviction records for employment. U.S. Bank conducts background checks consistent with applicable local laws, including the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act as well as the San Francisco Fair Chance Ordinance. U.S. Bank is subject to, and conducts background checks consistent with the requirements of Section 19 of the Federal Deposit Insurance Act (FDIA). In addition, certain positions may also be subject to the requirements of FINRA, NMLS registration, Reg Z, Reg G, OFAC, the NFA, the FCPA, the Bank Secrecy Act, the SAFE Act, and/or federal guidelines applicable to an agreement, such as those related to ethics, safety, or operational procedures.

Applicants must be able to comply with U.S. Bank policies and procedures including the Code of Ethics and Business Conduct and related workplace conduct and safety policies.

Job postings typically remain open for approximately 20 days of the posting date listed above, however the job posting may be closed earlier should it be determined the position is no longer required due to business need. Job postings in areas with a high volume of applicants, such as customer service, contact center, and Financial Crimes investigations, remain open for approximately 5 days of the posting listed date.