Senior CyberArk Engineer – Privilege Cloud & Endpoint Privilege Manager (EPM)
Position Summary:
We are seeking an experienced CyberArk Engineer to support the implementation and operationalization of CyberArk Privilege Cloud (PAM) and CyberArk Endpoint Privilege Manager (EPM) across multiple business entities as part of a large-scale M&A integration program. The ideal candidate should possess strong hands-on experience in designing, configuring, implementing, and supporting CyberArk SaaS solutions while collaborating with cross-functional infrastructure, security, and identity teams.
Key Responsibilities:
CyberArk Privilege Cloud (PAM)
Lead technical discovery sessions to assess privileged account inventory, infrastructure readiness, identity architecture, and integration requirements.
Design and implement CyberArk Privilege Cloud architecture, including Safes, Platforms, RBAC, and account onboarding strategy.
Configure and manage Privilege Cloud Connectors, CPM, PSM, SAML SSO, MFA, and password management policies.
Onboard Windows, Linux, Database, Network, Cloud, Service, Shared, and Application accounts into CyberArk.
Configure password rotation, reconciliation accounts, session recording, privileged session management, and auditing.
Perform pilot onboarding, production rollout, validation testing, and operational readiness activities.
Troubleshoot onboarding failures, connector issues, password management failures, session connectivity issues, and platform configuration problems.
Support Hypercare activities and transition completed implementations to Operations teams.
CyberArk Endpoint Privilege Manager (EPM)
Design and configure CyberArk EPM tenant architecture, Sets, RBAC, and endpoint policy hierarchy.
Implement least privilege, privilege elevation, application control, and ransomware protection strategies.
Configure Allow, Elevate, Elevate if Necessary, Block, Trusted Publishers, Application Groups, and Threat Protection policies.
Package and deploy CyberArk EPM agents through Microsoft Intune, SCCM, or Jamf.
Monitor endpoint events and optimize policies based on pilot and production feedback.
Perform endpoint policy validation, application compatibility testing, and privilege removal verification.
Support Hypercare, production rollout, and ongoing policy tuning.
Identity & Integration
Integrate CyberArk solutions with Microsoft Entra ID, Active Directory, SAML, LDAP, SIEM platforms, and ITSM solutions.
Collaborate with Infrastructure, Network, Endpoint Management, Identity, and Security Operations teams to resolve implementation dependencies.
Validate firewall, proxy, DNS, SSL inspection, and network connectivity requirements for CyberArk SaaS services.
Support enterprise authentication, RBAC mapping, and identity lifecycle integration.
Testing & Deployment
Execute technical validation for pilot and production deployments.
Validate privileged account onboarding, password rotation, session management, application control, and endpoint privilege policies.
Support production rollout planning, implementation, Hypercare, and operational transition.
Troubleshoot production issues and implement corrective actions to ensure platform stability.
Collaboration & Delivery
Participate in technical workshops with business and infrastructure stakeholders.
Collaborate with M&A integration teams to onboard newly acquired entities into the enterprise CyberArk platform.
Coordinate with Platform Engineering, Security Operations, Identity, Endpoint Management, and Network teams throughout the implementation lifecycle.
Provide technical guidance and best practices for Privileged Access Management and Endpoint Privilege Management.
Required Skill:
- CyberArk
- CyberArk Privilege Cloud