Senior CyberArk Architect & Implementation Lead - Privileged Access Management - PAM / IAM
- 100% REMOTE
- Immediate contract - 3-6 months
Role Overview:
We are seeking an expert who can both design the blueprint and build the house. As our Senior CyberArk Architect and Lead Implementer, you will be the technical authority for our Privileged Access Management (PAM) strategy. You are responsible for the entire lifecycle of the platform, from high-level architectural design and infrastructure planning to hands-on deployment, custom API integrations, and the automation of credential management across our global enterprise.
Required Skills & Qualifications
Experience:
- 8+ years in Cybersecurity, with dedicated, hands-on experience in CyberArk Architecture and Implementation.
Technical Mastery:
- Deep expertise in the CyberArk Core PAS suite and Secret Management.
- Proficiency in PowerShell or Python for automation and API-driven workflows.
- Strong knowledge of Active Directory/LDAP, Kerberos, SAML, and TLS/SSL certificate management.
Infrastructure:
- Solid experience with Windows/Linux Server administration and cloud-native security groups/IAM roles.
Leadership:
- Proven ability to lead complex technical migrations and act as the subject matter expert (SME) during security audits or incident response.
Key Responsibilities
Architectural Strategy & Design:
- Design and document the end-to-end CyberArk solution architecture (on-prem, hybrid, or CyberArk Privilege Cloud) to ensure high availability, scalability, and disaster recovery.
- Define the "Least Privilege" roadmap and Zero Trust strategy for protecting administrative accounts, service accounts, and CI/CD pipelines.
- Create detailed technical designs for Distributed Vaults, Primary/Subordinate Vaults, and secure network zoning.
Expert Implementation & Engineering:
- Lead the end-to-end installation and configuration of the PAS Suite: Vault, PVWA, CPM, PSM, and PSMP.
- Deploy and manage CyberArk Conjur or Application Identity Manager (AIM) to secure secrets for DevOps tools and non-human identities.
- Implement Privileged Threat Analytics (PTA) to identify and respond to anomalous account activity and lateral movement.
Automation & Custom Integration:
- Develop custom CPM Plug-ins and PSM Connection Components to manage access for non-standard or proprietary applications.
- Automate routine tasks—such as account onboarding, safe creation, and reporting—using REST APIs, PowerShell (PoShPACLI), or Python.
- Integrate CyberArk with enterprise ecosystems including SIEM (Splunk/Sentinel), ITSM (ServiceNow), and Cloud Providers (AWS/Azure/Google Cloud Platform).
Preferred Certifications
- CyberArk CDE (Certified Delivery Engineer).
- CyberArk Guardian or Sentry level certification.
- CISSP (Certified Information Systems Security Professional).