Haystack
← Back to Jobs
Other

CyberArk (EPM) Architect

HR PunditsSan Jose, CA🇺🇸United StatesPosted 13 Jul 2026

Quick Overview

Work Type
Hybrid
Level
Mid Senior

Job Description

CyberArk (EPM) Architect

Sanjose, CA

Contract








Architect, deploy, and configure CyberArk EPM across enterprise Windows and macOS environments.

Lead end to end migration of CyberArk EPM policies, configurations, application groups, and rule sets from one environment/tenant to another.

Design and implement application control, privilege elevation, and least privilege strategies.

Develop, optimize, and troubleshoot EPM policies, trusted applications, and elevation rules.

Integrate CyberArk EPM with enterprise identity, security, and endpoint management platforms (Microsoft Intune, MECM/SCCM, SentinelOne, SIEM, etc.).

Automate deployment, policy management, and migration activities using PowerShell and REST APIs.

Perform architecture reviews, health assessments, and recommend best practices for performance, scalability, and security.

Collaborate with security, infrastructure, desktop engineering, and application teams throughout implementation and migration projects.

Create technical documentation, migration runbooks, and operational procedures.

Provide Level 3/4 technical support and mentor engineering teams.

8+ years of endpoint security experience with 4+ years of hands-on CyberArk EPM architecture and implementation.

Proven experience deploying CyberArk EPM in large enterprise environments.

Strong experience migrating CyberArk EPM from one tenant/environment to another, including policy and configuration migration.

Deep understanding of application control, privilege management, allow/block rules, elevation policies, and sub process elevation.

Strong PowerShell scripting and API automation experience.

Experience with Microsoft Intune, MECM/SCCM, Active Directory, Entra ID, Windows security, and endpoint management.

Strong troubleshooting, communication, documentation, and stakeholder management skills.

CyberArk certifications (EPM, Defender, Sentry, or Guardian).

Experience with enterprise transformation, Zero Trust, and Privileged Access Management (PAM) initiatives.

Experience integrating EPM with SIEM, EDR/XDR, and ITSM platforms.

Skills

Active Directory
PowerShell
REST
Stakeholder Management
Technical Support
Zero Trust

Similar jobs