IAM (CyberArk) Engineer

About The Position

Requirements

• 7+ years of hands-on CyberArk engineering experience in large-scale enterprise environments.
• Deep expertise in CyberArk Vault, PVWA, CPM, PSM, and Endpoint Privilege Manager (EPM), including architecture, deployment, upgrades, and troubleshooting.
• Proven experience designing and implementing custom CPM plugins and PSM connectors, using Plugin Generator Utility, CLI tools, and scripting.
• Strong understanding of privileged access risks, credential management, session security, and Zero Trust security principles.
• Experience integrating CyberArk with infrastructure, applications, databases, cloud platforms (Azure, AWS, GCP), and CI/CD pipelines.
• Experience operating platforms within Agile, DevSecOps, and ITIL-aligned environments.
• Strong analytical, organizational, and problem-solving skills in complex, time-critical environments.
• Excellent written and verbal communication skills, with the ability to influence technical and business stakeholders.

Nice To Haves

• CISSP
• CyberArk Certifications
• ITIL 4 Foundations Certification

Responsibilities

• Act as the CyberArk PAM Subject Matter Expert and senior escalation point, providing expert guidance on architecture, advanced configuration, operational best practices, and long-term platform strategy.
• Design, implement, and continuously evolve enterprise-scale CyberArk platforms, including CyberArk Vault, Password Vault Web Access (PVWA), Central Policy Manager (CPM), Privileged Session Manager (PSM), and Endpoint Privilege Manager (EPM).
• Own the health, availability, performance, and security posture of the CyberArk platform, ensuring high availability, scalability, disaster recovery readiness, and secure operations across global environments.
• Define, document, and enforce platform standards, architectural patterns, and guardrails for privileged access across on-prem, cloud, hybrid, and SaaS environments, aligned with Zero Trust and enterprise security architecture principles.
• Operate CyberArk as a productized security platform, contributing to roadmap development, lifecycle management, and continuous improvement initiatives focused on reliability, automation, and user experience.
• Partner with IAM, infrastructure, cloud, application, and DevOps teams to embed PAM capabilities by design into enterprise platforms, applications, and CI/CD pipelines.
• Drive automation and self-service enablement to streamline privileged account onboarding, credential rotation, access approvals, and operational workflows, reducing manual effort and improving time-to-value.
• Lead complex CyberArk integrations with operating systems, databases, enterprise applications, cloud platforms, and DevSecOps toolchains.
• Design, develop, and maintain custom CPM plugins and PSM connectors, leveraging Plugin Generator Utility, CLI tools, scripting, and automation to support advanced and non-standard use cases.
• Implement and govern secure credential management, session isolation, session monitoring, and privileged workflow enforcement across the enterprise.
• Provide senior-level troubleshooting for complex production incidents, performing root cause analysis and driving permanent corrective actions.
• Participate in incident, problem, and change management forums, making risk-based decisions and recommending compensating controls when deviations from standards are required.
• Ensure adherence to SLA and OLA commitments, driving accountability with internal teams and external vendors supporting the CyberArk platform.
• Support audit, compliance, and risk management activities, including the creation, tracking, and remediation of PAM-related findings.
• Mentor and coach junior engineers, elevating platform capability, engineering maturity, and operational excellence across the team.
• Develop and maintain technical documentation, architectural artifacts, standards, and operational runbooks.
• Present PAM strategies, risks, and improvement initiatives to both technical and non-technical stakeholders, influencing enterprise security architecture, Zero Trust adoption, and identity governance decisions.