PAM Engineer - CyberArk

Job Description

We are seeking an experienced PAM Engineer with deep CyberArk expertise to join an active implementation project at a major financial services client. CyberArk is already deployed in the environment, and this role will focus on expanding coverage, onboarding accounts, building out integrations, and driving the implementation toward completion. This is a hands-on consulting engagement requiring someone who can hit the ground running with minimal ramp-up.

Professional Responsibilities

• Onboard privileged accounts across Windows, Linux/Unix, databases, network devices, and cloud platforms into CyberArk Vault
• Configure and manage CPM (Central Policy Manager) plugins and policies for automated password rotation
• Deploy and troubleshoot PSM (Privileged Session Manager) and PSM for SSH/Web connectors
• Build and customize CyberArk platforms, connection components, and usage profiles to meet client requirements
• Integrate CyberArk with enterprise directories (Active Directory, LDAP), SIEM, ticketing systems, and MFA providers
• Support Secrets Manager / Conjur or Application Access Manager (AAM) implementations for application credential management
• Develop and refine safe structures, access control policies, and role-based access workflows
• Troubleshoot vault, connector, and component issues across Dev, UAT, and Production environments
• Participate in change management processes and document configurations, runbooks, and operational procedures
• Collaborate with client security, infrastructure, and application teams to plan and execute onboarding waves
• Support audit and compliance requirements by ensuring session recording, access logging, and reporting are properly configured

Professional Skills

• Strong working knowledge of CyberArk Privileged Access Security (PAS) suite, including Vault, PVWA, CPM, PSM, and AAM/Conjur
• Proficiency with CyberArk platform customization, including CPM plugins, PSM connectors, and connection components
• Experience with REST API integrations and CyberArk CLI utilities (PACli, RESTAPI)
• Solid understanding of Windows Server, Active Directory, Group Policy, and Linux/Unix system administration
• Familiarity with networking fundamentals (DNS, firewalls, load balancers) as they relate to CyberArk architecture
• Working knowledge of cloud platforms (AWS, Azure, GCP) and managing cloud-native privileged accounts
• Strong troubleshooting and log analysis skills across CyberArk components
• CyberArk Certified Delivery Engineer (CDE) or CyberArk Defender certification preferred
• Clear written and verbal communication skills, comfortable working directly with client stakeholders

Professional Experience

• 3+ years of hands-on CyberArk implementation and administration experience
• Demonstrated experience with large-scale account onboarding and platform buildout projects
• Prior consulting or client-facing delivery experience, comfortable operating with autonomy in a client environment
• Experience working within regulated industries (financial services, banking, insurance) and familiarity with compliance frameworks such as SOX, PCI-DSS, FFIEC, or NIST is a strong plus
• Background in broader IAM or security operations is a plus
• Experience participating in change advisory board (CAB) processes and enterprise release management workflows
• Remote position, with possible infrequent travel to client site
• Must be authorized to work in the USA