
Bridgesoft - Senior CyberArk Engineer - SIEM/SOAR

Bridgesoft
7 - 10 Years
Hyderabad

Posted on: 14/04/2026

Job Description



We are seeking a Senior CyberArk Engineer with deep expertise in Privileged Access Management (PAM) as part of our Identity & Access Management (IAM) program. You will design, implement, secure, and operate CyberArk solutions at scale, integrating across hybrid infrastructure (on-prem and cloud). This role will own the end-to-end privileged identity lifecycle, delivering strong controls for least privilege, credential rotation, session isolation, and audit.


Responsibilities :



Architecture & Design :



- Design and implement CyberArk PAM architecture including Vault/EPV, PVWA, PSM, CPM, PSMP, and PTA/EPM across multi-domain AD and hybrid environments.


- Define and enforce vault hardening, platform policies, safe structure, onboarding workflows, retention, and break-glass procedures.


- Engineer integrations with AD/LDAP, MFA/IdP (Azure AD, Okta), SIEM/SOAR, ITSM (ServiceNow), and cloud providers (AWS/Azure/GCP).


- Establish DR/HA architecture, backup/restore, and runbooks.


Implementation & Automation :



- Lead privileged account discovery and onboarding at scale (Windows, Linux/Unix, databases, network/security devices, cloud control planes, applications).


- Build and customize CPM plugins, PSM connectors, and platforms; manage rotation, reconciliation, and verification policies.


- Automate via CyberArk REST APIs, PACLI, and scripts (PowerShell, Python, Bash); integrate with CI/CD (Jenkins, Azure DevOps), Ansible, and Terraform for policy-as-code where applicable.


- Implement Endpoint Privilege Management (EPM) for least privilege on workstations/servers (application control, elevation policies, JIT access).


Operations & Security :



- Operate the PAM service : onboarding, policy tuning, session management, troubleshooting, patching, upgrades/migrations, certificate management, and health checks.


- Monitor PTA/threat analytics and respond to anomalies (e.g., suspicious session behavior, policy violations).


- Create dashboards and reports for compliance (SOX, PCI DSS, ISO 27001), audit reviews, and management reporting.


- Coordinate with Security, Platform, Network, Cloud, and App teams to remediate findings and improve control coverage.


Governance & Compliance :



- Define RBAC, segregation of duties, approval workflows, and access review processes for privileged identities.


- Maintain standards, baselines, SOPs, and technical documentation; contribute to policy and control mapping.


- Support internal/external audits, evidence collection, and control testing.


Incident Response & Support :



- Provide Tier-3 support, problem management, and root cause analysis; participate in on-call rotation.


- Lead privilege-related incident response (credential exposure, misuse, suspicious sessions, break-glass events).


Qualifications :



- 7 to 10 years total experience in Identity & Access Management, with 5+ years hands-on experience implementing and operating CyberArk in enterprise environments.


- Strong hands-on experience with core CyberArk components : EPV/Vault, PVWA, PSM, CPM, PSMP, PTA, EPM.


- Proven experience with platforms & plugins (Windows/Unix, databases, network devices), onboarding flows, and session management (recording, keystroke indexing, live monitoring).


- Expertise in AD/LDAP, Kerberos, MFA/SSO/IdP, RBAC, privilege elevation, least privilege.


- Proficiency in scripting/automation : PowerShell and Python (APIs, task automation, reporting).


- Experience integrating with cloud (AWS/Azure/GCP) and DevOps toolchains for secrets management (e.g., Conjur/Secrets Manager, AAM).


- Good understanding of networking, TLS/certificates, Windows/Linux administration, and security hardening.


- Familiarity with compliance frameworks : SOX, PCI DSS, ISO 27001, and audit-ready evidence/reporting.


- Excellent documentation, communication, and cross-functional collaboration skills.


Education & Certifications :



- Bachelor's or Master's in Computer Science, Information Security, or related field.


- CyberArk Certifications : Defender (PAM/EPM), Sentry, Guardian (highly preferred).


- Security certifications : CISSP, CISM, CCSP, or equivalent.


Preferred Experience :



- Designing DR/HA for CyberArk; performing upgrades/migrations across major versions.


- EPM policy design for Windows/macOS/Linux endpoints (application allow/deny, elevation workflows).


- Secrets management in CI/CD and microservices (e.g., Conjur/OpenShift/Kubernetes).


- Integration with SIEM/SOAR (Splunk, Sentinel, QRadar) and ITSM (ServiceNow) for approvals and auto-onboarding.


- Key management and SSH cert-based workflows; passwordless patterns (JIT, JEA/JITP).


- Exposure to PAM for OT/ICS environments (if relevant to the industry).

