CyberArk Solution Architect

About The Position

Requirements

• Bachelor’s degree and 6 years of relevant experience. An additional 2 years of experience with an Associate’s Degree. An additional 4 years of experience with a high school diploma.
• Strong experience implementing or supporting CyberArk Privileged Access Management (PAM) solutions.
• Experience with CyberArk Enterprise Password Vault (EPV), Password Vault Web Access (PVWA), Central Policy Manager (CPM), and Privileged Session Manager (PSM).
• Experience designing and documenting CyberArk safe structures, credential policies, and privileged access models.
• Experience onboarding service accounts, application accounts, database accounts, and secrets into CyberArk.
• Experience gathering and documenting technical and functional requirements across enterprise application environments.
• Experience documenting requirements as Jira epics and user stories.
• Strong understanding of credential management, password rotation, privileged access governance, and security best practices.
• Experience integrating applications with CyberArk-managed credentials and secrets.
• Experience supporting cloud-based secret management solutions such as AWS Secrets Manager.
• Excellent verbal and written communication skills.
• Strong analytical, documentation, and problem-solving skills.
• Ability to shift focus between competing priorities in a fast-paced environment.
• Demonstrates leadership in the face of ambiguity and works proactively to drive issues to resolution.

Nice To Haves

• CyberArk Defender, Sentry, or Guardian certification.
• Experience supporting federal government systems or environments.
• Experience supporting Public Trust or other federal security compliance requirements.
• Experience working in AWS cloud environments.
• Familiarity with identity and access management (IAM) and privileged access management (PAM) frameworks.
• Experience working within enterprise cybersecurity modernization initiatives.
• Experience using Jira and Confluence.
• Familiarity with DevSecOps and infrastructure automation practices.

Responsibilities

• Lead requirements gathering sessions with application, infrastructure, security, and business stakeholders for CyberArk onboarding initiatives.
• Document current-state privileged access management processes and account usage across multiple applications and environments.
• Identify and inventory accounts requiring migration into CyberArk, including: Service accounts, Database service accounts, User database accounts, Application accounts, Application secrets, AWS Secrets Manager-managed secrets, Custom application-managed secrets.
• Design and document CyberArk onboarding approaches for applications and infrastructure components.
• Define and document CyberArk safe structures, access models, RBAC requirements, and credential storage strategies.
• Research and document application integration requirements needed for applications to securely retrieve and use credentials stored in CyberArk.
• Analyze dependencies, authentication methods, credential rotation impacts, and operational constraints associated with migrating accounts into CyberArk.
• Develop architectural diagrams, workflow documentation, and implementation guidance for CyberArk integrations.
• Create and maintain Jira epics, features, and user stories to support implementation and migration activities.
• Collaborate with application development teams to identify code or configuration changes required to integrate with CyberArk-managed credentials.
• Support the development of credential rotation policies, access control policies, and privileged access governance standards.
• Provide technical leadership and guidance to implementation teams throughout planning, design, testing, and deployment phases.
• Coordinate with cloud engineering teams regarding AWS Secrets Manager integrations and hybrid secret management approaches.
• Participate in technical reviews, risk assessments, and solution validation activities.
• Maintain positive working relationships with federal clients, delivery teams, and stakeholders while supporting mission-critical systems.