CyberArk PAM Engineer Security
Quick Overview
Job Description
Please note I have direct access to the Hiring Director on this position. This position is 100% Remote and does NOT include any travel.
Duration: 3-12+ Months
This is an outstanding opportunity for a CyberArk PAM Engineer to participate in large global CyberArk PAM implementations and, if so desired, expand their skillset to other security areas.
We are a growing Cybersecurity VAR and Systems Integrator specializing in Identity and Access Management (IAM), Privileged Access Management (PAM), Cloud Infrastructure Entitlement Management (CIEM), and GRC services. We are an active member of the Decentralized Identity Foundation (DIF). We are looking for a CyberArk Implementation Engineer (Professional Services) to meet high growth demands.
We are seeking a highly skilled CyberArk Implementation Engineer to join our Professional Services Delivery Team. In this role, the CyberArk PAM Engineer will act as the primary technical CyberArk PAM delivery expert for our enterprise clients and partners. Post sale, the CyberArk PAM Engineer will step in to own the end to end deployment of CyberArk PAM lifecycle, including translating high-level PAM and Security architectural designs into fully realized, production-ready CyberArk environments.
Responsibilities
CyberArk Deployment & Integration:
- Architecture Validation: Review client infrastructures, network topologies, and Active Directory structures to validate deployment plans before CyberArk installation.
- CyberArk Vault & Module Installation: Install, configure, and harden core CyberArk components including the Enterprise Password Vault (EPV), Central Policy Manager (CPM), Privileged Session Manager (PSM), and Privileged Web Access (PVWA).
- CyberArk Privilege Cloud Migration: Orchestrate deployments of CyberArk Privilege Cloud (P Cloud), including configuring local connectors (CPM/PSM) and managing secure cloud-to-on-prem communication.
- Onboarding & Configuration: Create platform policies, configure safe structures, configure automated password rotation rules, and onboard target privileged accounts (Windows, Unix/Linux, Databases, Network Devices).
- Machine Security Integration: Configure CyberArk Secrets Manager / Application Access Manager (AAM) to secure hardcoded credentials across client applications, CI/CD pipelines, and RPA tools.
Consultative Delivery & Partner Enablement
- Kickoff & Requirements Gathering: Guide client stakeholders through discovery sessions to map out scoping, domain controller integrations, and security policies.
- UAT & Testing: Lead User Acceptance Testing (UAT), documenting system performance, troubleshooting session broker failures, and ensuring seamless failover capabilities.
- Handover & Enablement: Deliver detailed "as-built" documentation and conduct interactive training handovers to client IT administrators for day-to-day operations.
Requirements:
- Must have 5+ years of hands-on experience designing, deploying, and configuring CyberArk PAM suites in mid-to-enterprise environments.
- Strong technical literacy in Active Directory, LDAP, Group Policy (GPOs), Kerberos, and overall Windows/Linux enterprise security administration.
- Solid understanding of firewall rules, load balancers, IIS, TLS certificates, and network security protocols.
- The following are only a Plus; NOT Mandatory: CyberArk IAM, CyberArk EPM, CyberArk SSO and MFA, Saviynt PAM, BeyondTrust, Okta PAM, writing scripts (PowerShell, Bash) or using REST APIs to automate account onboarding or customize CyberArk connection components, prior experience working for a Value-Added Reseller (VAR), System Integrator (SI), or Professional Services organization delivering external client-facing projects, any CyberArk Certifications: CyberArk Certified Delivery Engineer (CDE) or Certified Defender/Sentry status. Again, these are only a Plus, NOT Mandatory.
Note: Contract Flexibility
We understand that top-tier security talent requires flexibility. We are open to configuring this contract based on your availability:
- Option A: Full-Time dedication (40 hours/week, standard business hours) running point on client projects.
- Option B: Part-Time dedication (flexible hours) providing specialized technical execution during critical project phases.
Skills
Similar jobs
CBTC Systems Engineering Lead - Rail & Transit with Security Clearance
Parsons · Seattle, United States
3 minutes ago$134.1k - $241.4k/yrVendor Security Management Specialist
StratEdge It consulting INC · Austin, United States
4 minutes agoSystems Architect with Security Clearance
Guidehouse · Rockville, United States
57 minutes ago$130k - $216k/yrExternal Integration Support & Capability Lead with Security Clearance
Parsons · schriever sfb, United States
57 minutes ago$112.2k - $196.4k/yrInformation Systems Security Officer (ISSO) with Security Clearance
Echelon Services, LLC · Hanahan, United States
57 minutes agoSecurity Operations Center Subject Matter Expert (SOC/SME) - USSOCOM Zero Trust
Kentro · Tampa, United States
1 hour ago