Description :
CyberArk Architect with strong integration experience to lead the design, implementation, and integration of CyberArk Privileged Access Management (PAM) solutions across complex enterprise environments. The role requires deep expertise in CyberArk core components, integrations with enterprise platforms, automation, and security architecture, along with the ability to guide PAM strategy and governance.
Key Responsibilities :
CyberArk Architecture & Solution Design :
- Own end-to-end architecture for CyberArk PAM implementations.
- Design scalable, secure, and highly available PAM architectures aligned with Zero Trust and enterprise security strategies.
- Define logical and physical architecture, including vault design, DR, HA, network segmentation, and access models.
CyberArk Platform Components :
- Architect and implement :
  - CyberArk Privilege Cloud / PAM Self-Hosted
  - Digital Vault
  - Password Vault Web Access (PVWA)
  - Central Policy Manager (CPM)
  - Privileged Session Manager (PSM / PSM for SSH / PSM for Web)
  - Endpoint Privilege Manager (EPM) (where applicable)
- Define vault hardening, access control models, and platform security baselines.
Integrations & Automation :
- Design and implement integrations with :
  - Identity Providers : Active Directory, Azure AD / Entra ID, LDAP
  - ITSM Platforms : ServiceNow (request, approval, ticketing workflows)
  - Cloud Platforms : AWS, Azure, GCP
  - DevOps & Automation Tools : Jenkins, Ansible, Terraform, CI/CD pipelines
  - Security Tools : SIEM (Splunk, Sentinel), SOAR platforms
- Implement REST API-based integrations and custom automation.
- Enable Secrets Management integrations for :
  - Applications
  - Containers
  - Cloud-native workloads (Kubernetes, CI/CD tools)
- Ensure secure integrations using certificates, tokens, and encryption standards.
Privileged Access Governance & Controls :
- Define and implement :
  - Privileged account lifecycle management
  - Password rotation and credential vaulting
  - Session isolation, monitoring, and recording
  - Least privilege and Just-in-Time (JIT) access
- Integrate PAM with IAM / IGA platforms (SailPoint, Saviynt) for end-to-end governance.
Platform Operations & Optimization :
- Lead :
  - Platform upgrades and version migrations
  - Performance tuning and scalability planning
  - High availability and disaster recovery design/testing
- Define operational runbooks and support models.
- Support SOC teams with alerting, session review, and incident investigations.
Governance, Risk & Compliance :
- Ensure alignment with SOX, PCI-DSS, ISO 27001, HIPAA, and internal security standards.
- Design audit-ready privileged access controls and reporting.
- Support internal and external audits related to privileged access.
Technical Leadership & Stakeholder Management :
- Act as technical lead and trusted advisor for PAM programs.
- Lead architecture workshops, design reviews, and security discussions.
- Mentor CyberArk engineers and review solution designs.
- Support pre-sales activities including architecture inputs, effort estimation, and solution proposals.
Required Skills & Experience :
Mandatory :
- 8 to 12+ years of security/IAM experience with 4-6+ years on CyberArk
- Strong hands-on experience with :
  - CyberArk PAM architecture and core components
  - Enterprise-scale CyberArk deployments
  - API-based and ITSM integrations
- Proven experience integrating CyberArk with :
  - Active Directory / Azure AD (Entra ID)
  - ServiceNow
  - Cloud platforms (AWS, Azure)
- Strong understanding of PAM concepts, Zero Trust, and least privilege models
Technical Skills :
- CyberArk REST APIs
- PowerShell, Bash, Python scripting
- Authentication & federation concepts
- Network security fundamentals (firewalls, segmentation, certificates)
- SIEM/SOC integration and log forwarding
Posted in : CyberSecurity
Functional Area : Technical / Solution Architect
Job Code : 1620264