PAM Engineer - CyberArk

About The Position

Requirements

• Strong working knowledge of CyberArk Privileged Access Security (PAS) suite, including Vault, PVWA, CPM, PSM, and AAM/Conjur
• Proficiency with CyberArk platform customization, including CPM plugins, PSM connectors, and connection components
• Experience with REST API integrations and CyberArk CLI utilities (PACli, RESTAPI)
• Solid understanding of Windows Server, Active Directory, Group Policy, and Linux/Unix system administration
• Familiarity with networking fundamentals (DNS, firewalls, load balancers) as they relate to CyberArk architecture
• Working knowledge of cloud platforms (AWS, Azure, GCP) and managing cloud-native privileged accounts
• Strong troubleshooting and log analysis skills across CyberArk components
• 3+ years of hands-on CyberArk implementation and administration experience
• Demonstrated experience with large-scale account onboarding and platform buildout projects
• Prior consulting or client-facing delivery experience, comfortable operating with autonomy in a client environment
• Must be authorized to work in the USA

Nice To Haves

• CyberArk Certified Delivery Engineer (CDE) or CyberArk Defender certification preferred
• Clear written and verbal communication skills, comfortable working directly with client stakeholders
• Experience working within regulated industries (financial services, banking, insurance) and familiarity with compliance frameworks such as SOX, PCI-DSS, FFIEC, or NIST is a strong plus
• Background in broader IAM or security operations is a plus
• Experience participating in change advisory board (CAB) processes and enterprise release management workflows

Responsibilities

• Onboard privileged accounts across Windows, Linux/Unix, databases, network devices, and cloud platforms into CyberArk Vault
• Configure and manage CPM (Central Policy Manager) plugins and policies for automated password rotation
• Deploy and troubleshoot PSM (Privileged Session Manager) and PSM for SSH/Web connectors
• Build and customize CyberArk platforms, connection components, and usage profiles to meet client requirements
• Integrate CyberArk with enterprise directories (Active Directory, LDAP), SIEM, ticketing systems, and MFA providers
• Support Secrets Manager / Conjur or Application Access Manager (AAM) implementations for application credential management
• Develop and refine safe structures, access control policies, and role-based access workflows
• Troubleshoot vault, connector, and component issues across Dev, UAT, and Production environments
• Participate in change management processes and document configurations, runbooks, and operational procedures
• Collaborate with client security, infrastructure, and application teams to plan and execute onboarding waves
• Support audit and compliance requirements by ensuring session recording, access logging, and reporting are properly configured