CyberArk Engineer

CyberArk Configuration and Management

1. Configure the CyberArk environment to align with project requirements, including:

1. Access management and control models.
2. Authentication and authorization configurations.
3. Role-based group permissions.

1. Design and implement Safe and Data Permission structures in the Vault adhering to naming conventions and organizational standards.
2. Manage Master Policy configurations and platforms, including the creation and testing of policies for new account groups.
3. Define and implement CyberArk workflows and privileged account controls tailored to organizational needs.

Privileged Account and Credential Management

1. Load, verify, and onboard credentials for privileged accounts.
2. Prioritize and manage accounts based on rollout plans and business requirements.
3. Pilot, test, and deploy automated credential rotation for supported platforms.
4. Migrate accounts from legacy systems to CyberArk using tools like Auto-Detection and Password Upload Utility.

Customization and Integration

1. Gather requirements and coordinate with CyberArk Extensions Services for customizations and plug-ins.
2. Configure and test CPM plug-ins, PSM Universal Connections, PVWA integrations, and REST API capabilities.
3. Assist in creating PowerShell scripts and optimizing REST API usage for PAM solution management.

Session Management and Threat Analytics

1. Configure and enable Privileged Session Manager (PSM) and PSM for SSH for secure connections, live session monitoring, and audits.
2. Implement Privileged Threat Analytics (PTA) for environment monitoring and optimization.

Operations and Maintenance

1. Oversee daily system operations, performance, and health monitoring of the CyberArk infrastructure.
2. Provide first-level technical support and liaise with CyberArk support teams as needed.
3. Utilize PAM Reporter for troubleshooting and incident resolution.

Documentation and Training

1. Draft technical and process documentation for CyberArk configurations, workflows, and best practices.
2. Conduct training sessions for internal personnel on CyberArk operations and maintenance.

Ongoing Support and Enhancements

1. Troubleshoot problems on a day-to-day basis and provide solutions to fix the security problems.
2. Experience in managing EDR tool to stop execution of malicious code, block zero-day exploits, kill processes, contain command, and control callbacks.
3. Investigate, analyze, and evaluate new technologies and risks.
4. Experience in planning and designing the enterprise security architecture.
5. Assist with onboarding local, networking device, root, and service accounts, testing environments in ITSD and DAS.
6. Support software upgrades, such as v14 LTS or greater

Client-Facing Responsibilities: Collaborate directly with clients to communicate technical and functional aspects of CyberArk solutions, manage expectations, and build positive, long-term relationships to ensure successful project outcomes.

Qualifications

• Bachelor s degree in Information Security, Computer Science, or a related field.
• 10+ years of hands-on experience with CyberArk PAM solutions, including installation, configuration, and management.
• Proficiency in CyberArk components such as

• EPV - Enterprise Password Vault
• CPM - Central Policy Manager
• PVWA - Privileged Vault Web Access
• PSM - Privileged Session Manager
• PTA - Privileged Threat Analytics

• Experience with REST APIs, PowerShell scripting, and workflow automation.
• Strong understanding of access management, privileged account management, and security policies.
• Ability to troubleshoot and resolve issues related to CyberArk and PAM implementations.
• Excellent documentation and communication skills.

Preferred Skills

• Certification in CyberArk Defender or Sentry.
• Experience with non-out-of-the-box platform customizations.
• Knowledge of secure coding practices and regulatory compliance frameworks.