Please note I have direct access to the Hiring Director on this position. This position is 100% Remote and does NOT include any travel.
Duration: 3-12+ Months
This is an outstanding opportunity for a CyberArk PAM Engineer to participate in large global CyberArk PAM implementations and, if so desired, expand their skillset to other security areas.
We are a growing Cybersecurity VAR and Systems Integrator specializing in Privileged Access Management (PAM), Identity and Access Management (IAM), Cloud Infrastructure Entitlement Management (CIEM), and GRC services. We are an active member of the Decentralized Identity Foundation (DIF). We are looking for a CyberArk Implementation Engineer (Professional Services) to meet high growth demands.
We are seeking a highly skilled CyberArk Implementation Engineer to join our Professional Services Delivery Team. In this role, the CyberArk PAM Engineer will act as the primary technical CyberArk PAM technical implementation expert for our enterprise clients and partners. Post sale, the CyberArk PAM Engineer will step in to own the end to end deployment lifecycle of CyberArk PAM, including translating high-level PAM and Security architectural designs into fully realized, production-ready CyberArk environments.
Responsibilities
CyberArk Deployment & Integration:
- Architecture Validation: Review client infrastructures, cloud environments, network topologies, and Active Directory structures to validate deployment plans prior to CyberArk PAM installation.
- CyberArk Vault & Module Installation: Install, configure, and harden core CyberArk components including Enterprise Password Vault (EPV), Central Policy Manager (CPM), Privileged Session Manager (PSM), and Privileged Web Access (PVWA).
- CyberArk Privilege Cloud Migration: Orchestrate deployments of CyberArk Privilege Cloud (P Cloud), including configuring local connectors (CPM/PSM) and managing secure cloud-to-on-prem communication.
- Onboarding & Configuration: Create platform policies, configure safe structures, configure automated password rotation rules, and onboard target privileged accounts (Windows, Unix/Linux, Databases, Network Devices).
- Machine Security Integration: Configure CyberArk Secrets Manager / Application Access Manager (AAM) to secure hardcoded credentials across client applications, CI/CD pipelines, and RPA tools.
Consultative Delivery & Partner Enablement
- Kickoff & Requirements Gathering: Guide client stakeholders through discovery sessions to map out scoping, domain controller integrations, and security policies.
- UAT & Testing: Lead User Acceptance Testing (UAT), documenting system performance, troubleshooting session broker failures, and ensuring seamless failover capabilities.
- Handover & Enablement: Deliver detailed "as-built" documentation and conduct interactive training handovers to client IT administrators for day-to-day operations.
Requirements:
- Must have 5+ years of hands-on experience designing, deploying, implementing and configuring CyberArk PAM suites in mid-to-enterprise environments.
- Strong technical literacy in Active Directory, LDAP, Group Policy (GPOs), Kerberos, and overall Windows/Linux enterprise security administration.
- Solid understanding of firewall rules, load balancers, IIS, TLS certificates, and network security protocols.
- The following are only a Plus; NOT Mandatory: CyberArk IAM, CyberArk EPM, CyberArk SSO and MFA, Saviynt PAM, BeyondTrust, Okta PAM, writing scripts (PowerShell, Bash) or using REST APIs to automate account onboarding or customize CyberArk connection components, prior experience working for a Value-Added Reseller (VAR), System Integrator (SI), or Professional Services organization delivering external client-facing projects, any CyberArk Certifications: CyberArk Certified Delivery Engineer (CDE) or Certified Defender/Sentry status. Again, these are only a Plus, NOT Mandatory.
Note: Contract Flexibility
We understand that top-tier security talent requires flexibility. We are open to configuring this contract based on your availability:
- Option 1: Full-Time dedication (40 hours/week, standard business hours) running point on client projects.
- Option 2: Part-Time dedication (flexible hours) providing specialized technical execution during critical project phases.