Privileged Access Engineer

Job Description

• Sydney or Melbourne
• Join Rest's Information Security team

Established in 1988, Rest is one of Australia’s largest profit-to-member superannuation funds.

We support more than two million members, with around $100 billion of funds under management and are recognised as a responsible investment leader*. We believe when members understand and engage with their super, they’re more likely to get a better retirement outcome.

Everything we do at Rest is underpinned by our values and behaviours, we want to Be Daring, Keep it Simple, Take Action and Have Grit. To put it simply we want our people to thrive and love the work they do.

As an Privileged Access Engineer, you will play a critical role in designing, implementing, and managing Privilege Identity Access Management solutions across the Rest environment. Your primary focus will be on deploying and maintaining CyberArk Privileged Cloud solution to secure privileged access throughout the enterprise.

This role requires a proactive and security-focused mindset, working closely with IT, security and the business to mitigate risks, enforce compliance, and optimize privileged access controls. You’ll contribute to the strategic evolution of Rest's IAM landscape, ensuring that our systems, applications, and data remain protected against emerging threats.

• Design, implement, and manage CyberArk Privileged Cloud solution to secure privileged accounts and sensitive credentials across the enterprise.
• Lead the installation, configuration, and maintenance of CyberArk privileged Cloud components including Vault, PAS, PVWA, CPM, PSM, and PTA.
• Monitor and maintain daily operations of PAM systems to ensure high availability, optimal performance, and robust security of privileged access.
• Oversee the full lifecycle management of privileged accounts—provisioning, deprovisioning, credential rotation, and auditing—across platforms such as CyberArk Privilege Cloud, Microsoft Entra ID, and SailPoint Identity Security Cloud (ISC).
• Conduct regular privileged access reviews, ensuring strict adherence to the principle of least privilege and compliance requirements.
• Investigate and respond to security incidents or anomalies related to privileged access, working closely
• with the incident response team for swift resolution and root cause analysis.
• Partner with IT and application teams to integrate PAM solutions seamlessly with critical enterprise systems and tools.
• Develop and enforce policies governing privileged access in line with security frameworks and compliance standards.
• Manage patching, upgrades, and troubleshooting of all CyberArk components, ensuring a secure and stable environment.
• Provide technical expertise, guidance, and training to internal teams and end-users on best practices in identity and access management.
• Perform regular audits and generate detailed reports on privileged account usage, policy violations, and compliance status.
• Identify and resolve issues related to authentication, access controls, and application integration within the broader identity ecosystem.
• Maintain comprehensive documentation of configurations, processes, and operational best practices across all supported identity platforms.

Qualifications

• Hands-on experience implementing CyberArk Privilege Cloud solutions, including Core PAS, Endpoint Privilege Manager (EPM), Conjur, Secure Web Session (SWS) and Secure Infrastructure Access (SIA).
• Proven expertise in integrating CyberArk with Active Directory, major cloud platforms (AWS, Azure, GCP), and DevOps tools for seamless privileged access management.
• Experience with Microsoft Windows Server, Solaris, and Red Hat Enterprise Linux environments,
• PowerShell scripting and API integration for automating administrative tasks and streamlining system operations.
• Solid experience with Multi-Factor Authentication (MFA) and Single Sign-On (SSO) technologies.
• Familiarity with SIEM & ServiceNow integration to enhance security monitoring and incident response.
• Strong infrastructure background, preferably within AWS, Azure, or GCP environments.
• Foundational knowledge of network architecture, including firewalls, DNS, whitelisting, and general networking principles.
• Excellent communication skills, with the ability to explain complex architectural concepts and technical issues to both business and technical audiences.
• Strong analytical and problem-solving abilities, capable of translating intricate requirements into effective PAM solutions that drive business value.

Additional Information

Our benefits have been designed so you can tailor your experience with us and include:

• Personal and professional development opportunities
• Hybrid working
• Purchase leave scheme and gender neutral 16 weeks paid parental leave
• Super Contribution Continuation for 12 Months of parental leave
• Linkedin Learning
• Income Protection Insurance
• Rest Excellence awards (peer recognition awards based on Rest’s values and behaviours)
• Rest Stops - meeting free breaks

If you share our values, believe you can help make a difference for our members and want to be part of a leading superannuation fund with a Super culture, please click Apply Now.

Rest is committed to creating a flexible work environment and culture that embraces diversity, equity, and inclusion - where people feel welcome, safe to be themselves and inspired to do their best.

We value the different backgrounds, lived experiences and abilities our diverse team brings. We welcome and encourage applications from candidates of all ages, cultural backgrounds, faiths, gender identities, sexual orientations and thinking styles. This includes people with disability, neurodiverse individuals, Aboriginal & Torres Strait Islander peoples and those with disrupted work history due to career or other breaks.

Please note only people with the right to work in Australia will be considered.

*Funds under management as at 31 July 2025. Rest is recognised as a Responsible Investment Leader by the Responsible Investment Association Australia (RIAA) in its Responsible Investment Benchmark Report 2022.