Trainee Power BI Engineer
June 19, 2026SCCM L3 Engineer
June 19, 2026CyberArk PAM Architect
Remote
Overview
We are looking to hire CyberArk PAM Architect who is available to join immediately or within 30 days. This is a fully remote opportunity
The CyberArk PAM Architect is responsible for the design, implementation, operation, and governance of the CyberArk Privileged Access Management platform. The role provides L3+ engineering support and architectural leadership for securing privileged accounts, service accounts, application credentials, and privileged sessions across on-premises, cloud, and hybrid environments.
LOCATION
Remote
EXPERIENCE
15 - 20 years
FUNCTIONAL AREA
Development
Key Responsibilities
CyberArk Platform Management
- Design, deploy, and maintain CyberArk PAM solutions.
- Manage CyberArk components including:
- Digital Vault
- PVWA
- CPM
- PSM
- PSM for SSH
- PTA
- AAM / Conjur
- Perform upgrades, migrations, and platform optimization.
- Ensure platform availability and resiliency.
Privileged Account Governance
- Onboard privileged accounts and systems.
- Define password rotation policies.
- Implement least privilege controls.
- Manage privileged account lifecycle processes.
- Conduct access reviews and compliance reporting.
Service Account & Application Credential Management
- Discover and onboard service accounts.
- Implement credential rotation and reconciliation.
- Manage application secrets using:
- CyberArk AAM
- CyberArk Conjur
- Secure DevOps and CI/CD privileged credentials.
Session Management & Monitoring
- Configure privileged session monitoring and recording.
- Review session recordings during investigations.
- Define alerting and anomaly detection rules.
- Support incident response and forensic investigations.
Cloud & Hybrid PAM
- Integrate CyberArk with:
- Microsoft Entra ID
- Active Directory
- Azure
- AWS
- GCP
- Kubernetes
- Implement cloud privilege governance.
- Secure privileged access for SaaS platforms.
Architecture & Governance
- Define CyberArk standards and best practices.
- Develop PAM roadmaps and implementation strategies.
- Support audits and compliance initiatives.
- Create technical documentation and operational procedures.
Required Technical Skills
CyberArk Technologies
- CyberArk PAM
- Digital Vault
- CPM
- PVWA
- PSM
- PTA
- AAM
- Conjur
- EPM
Infrastructure Technologies
- Active Directory
- LDAP
- Windows Server
- Linux
- VMware
- IIS
- SQL Server
Scripting & Automation
- PowerShell
- REST APIs
- Python
- CyberArk REST API
Security & Governance
- PAM Architecture
- Zero Trust
- Privileged Session Management
- Credential Management
- Secrets Management
Experience Requirements
- 15+ years in Cybersecurity or IAM.
- 12+ years administering and engineering CyberArk PAM.
- Experience with large-scale CyberArk deployments.
- Experience with service account governance and secrets management.
- Experience supporting enterprise environments with strict compliance requirements.
Preferred Certifications
- CyberArk Defender PAM
- CyberArk Sentry PAM
- CyberArk Guardian
- CISSP
- CISM
- Microsoft SC-300
- Microsoft SC-100
Expected Seniority (L3+)
For both roles, the resource should be capable of:
- Leading technical design workshops.
- Acting as an escalation point for L1/L2 teams.
- Creating architecture standards and governance frameworks.
- Driving remediation of security findings.
- Leading IAM/PAM projects independently.
- Mentoring junior engineers and operations teams.
- Engaging with auditors, security architects, and senior stakeholders.
Required Qualifications (Must Have)
- Extensive experience in Active Directory engineering within enterprise environments
- Proven, hands-on expertise in:
- Active Directory Tiering model (Tier 0 / Tier 1 / Tier 2) – mandatory
- Microsoft Entra ID (Azure AD)
- Conditional Access (design & enforcement)
- Privileged Identity Management (PIM)
- Group Policy (GPO)
- Hybrid identity (AD Connect / Entra ID sync)
- Strong experience with:
- Access governance and access reviews
- Identity security and privileged access controls
- Advanced troubleshooting (AD, authentication, identity sync)
- Proven ability to operate as a expert engineer / SME / technical lead
Mandatory Microsoft Certifications
- Microsoft Certified: Identity and Access Administrator Associate (SC-300)
- Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-800 & AZ-801)
Preferred / Nice to Have
- Experience with PKI / Certificate Services
- Knowledge of Identity Protection and Zero Trust models
- Exposure to ISO 27001 / audit / compliance frameworks
- Microsoft Certified: Cybersecurity Architect Expert (SC-100)
Key Competencies
- Strong security-first mindset
- Deep understanding of privileged access risks and AD Tiering enforcement
- Ability to drive and influence identity architecture decisions
- Strong ownership and accountability in critical environments
- Excellent problem-solving and advanced troubleshooting skills
- Ability to collaborate across security, cloud, and infrastructure teams
Ideal Candidate
- A senior identity expert who owns Active Directory Tiering end-to-end, has strong command of Microsoft Entra ID, Conditional Access, and PIM, and can drive identity security maturity across hybrid environments.