Job Description

- CyberArk Engineer

Position Overview

We are seeking an experienced CyberArk Engineer to manage and enhance our Privileged Access Management (PAM) capabilities. The role will focus on administering the CyberArk platform, onboarding accounts, enforcing security policies, and ensuring compliance with regulatory standards. The ideal candidate will have strong hands-on experience in CyberArk administration, privileged access security, and integration with enterprise and cloud environments.

Key Responsibilities

CyberArk Administration

Administer and maintain the CyberArk PAM platform, including Vault, PVWA, CPM, and PSM. Onboard privileged accounts, applications, SSH keys, and machine identities. Configure password rotation, credential vaulting, and policy enforcement. Manage connectors and plugins for enterprise integrations. Perform upgrades, patching, and ongoing maintenance.

Privileged Access Security

Implement least privilege principles for admin, service, and application accounts. Enforce Just-in-Time (JIT) access for privileged accounts. Monitor privileged sessions using PSM and review recordings for anomalies. Integrate CyberArk with SIEM/SOAR platforms to support threat detection and response. Collaborate with SOC to investigate and remediate privileged account misuse.

Governance, Risk & Compliance

Ensure PAM policies align with MAS TRM, PCI-DSS, ISO 27001, and NIST CSF standards. Support audit reporting and privileged access reviews. Participate in risk assessments and remediation planning. Maintain up-to-date documentation, SOPs, and PAM playbooks.

Continuous Improvement & Integration

Collaborate with IAM and security architecture teams to align PAM with enterprise IAM roadmap. Integrate CyberArk with cloud platforms (AWS, Azure, GCP) and DevOps pipelines. Explore CyberArk advanced modules such as Conjur, Alero, and Endpoint Privilege Manager. Automate onboarding and account lifecycle tasks via APIs, Python, or PowerShell scripting.

Key Performance Indicators (KPIs)

% of privileged accounts onboarded and vaulted. SLA adherence for account onboarding and password rotation. % reduction in unmonitored privileged sessions. Compliance audit success rate. MTTR (Mean Time to Remediate) privileged account incidents. Automation coverage (manual vs automated onboarding).

Education & Experience

Education: Diploma/Bachelor's degree in Information Technology, Cybersecurity, or related field. Experience: 3-6 years of professional experience in CyberArk administration and Privileged Access Management. Mandatory Skills: + CyberArk PAM (Vault, PVWA, CPM, PSM)
+ Privileged Access Management principles and enforcement
+ Scripting (Python/PowerShell) for automation
Good to Have: + Experience with cloud PAM integration (AWS, Azure, GCP)
+ Familiarity with advanced CyberArk modules (Alero, Conjur, EPM)
+ Knowledge of security and compliance standards (PCI-DSS, MAS TRM, ISO 27001, NIST CSF)