Key skills
AWSAzureGCPVaultIAMLDAPActive DirectoryREST APIChange ManagementCommunication
About this role
Airitos, LLC is seeking an experienced PAM Engineer with deep CyberArk expertise to join an active implementation project at a major financial services client. The role involves onboarding privileged accounts, managing CyberArk integrations, and ensuring compliance with security protocols.
Responsibilities:
- Onboard privileged accounts across Windows, Linux/Unix, databases, network devices, and cloud platforms into CyberArk Vault
- Configure and manage CPM (Central Policy Manager) plugins and policies for automated password rotation
- Deploy and troubleshoot PSM (Privileged Session Manager) and PSM for SSH/Web connectors
- Build and customize CyberArk platforms, connection components, and usage profiles to meet client requirements
- Integrate CyberArk with enterprise directories (Active Directory, LDAP), SIEM, ticketing systems, and MFA providers
- Support Secrets Manager / Conjur or Application Access Manager (AAM) implementations for application credential management
- Develop and refine safe structures, access control policies, and role-based access workflows
- Troubleshoot vault, connector, and component issues across Dev, UAT, and Production environments
- Participate in change management processes and document configurations, runbooks, and operational procedures
- Collaborate with client security, infrastructure, and application teams to plan and execute onboarding waves
- Support audit and compliance requirements by ensuring session recording, access logging, and reporting are properly configured
Requirements:
- Experienced PAM Engineer with deep CyberArk expertise
- Onboard privileged accounts across Windows, Linux/Unix, databases, network devices, and cloud platforms into CyberArk Vault
- Configure and manage CPM (Central Policy Manager) plugins and policies for automated password rotation
- Deploy and troubleshoot PSM (Privileged Session Manager) and PSM for SSH/Web connectors
- Build and customize CyberArk platforms, connection components, and usage profiles to meet client requirements
- Integrate CyberArk with enterprise directories (Active Directory, LDAP), SIEM, ticketing systems, and MFA providers
- Support Secrets Manager / Conjur or Application Access Manager (AAM) implementations for application credential management
- Develop and refine safe structures, access control policies, and role-based access workflows
- Troubleshoot vault, connector, and component issues across Dev, UAT, and Production environments
- Participate in change management processes and document configurations, runbooks, and operational procedures
- Collaborate with client security, infrastructure, and application teams to plan and execute onboarding waves
- Support audit and compliance requirements by ensuring session recording, access logging, and reporting are properly configured
- Strong working knowledge of CyberArk Privileged Access Security (PAS) suite, including Vault, PVWA, CPM, PSM, and AAM/Conjur
- Proficiency with CyberArk platform customization, including CPM plugins, PSM connectors, and connection components
- Experience with REST API integrations and CyberArk CLI utilities (PACli, RESTAPI)
- Solid understanding of Windows Server, Active Directory, Group Policy, and Linux/Unix system administration
- Familiarity with networking fundamentals (DNS, firewalls, load balancers) as they relate to CyberArk architecture
- Working knowledge of cloud platforms (AWS, Azure, GCP) and managing cloud-native privileged accounts
- Strong troubleshooting and log analysis skills across CyberArk components
- Clear written and verbal communication skills, comfortable working directly with client stakeholders
- 3+ years of hands-on CyberArk implementation and administration experience
- Demonstrated experience with large-scale account onboarding and platform buildout projects
- Prior consulting or client-facing delivery experience, comfortable operating with autonomy in a client environment
- Experience working within regulated industries (financial services, banking, insurance) and familiarity with compliance frameworks such as SOX, PCI-DSS, FFIEC, or NIST
- Background in broader IAM or security operations
- Experience participating in change advisory board (CAB) processes and enterprise release management workflows
- Remote position, with possible infrequent travel to client site
- Must be authorized to work in the USA
- CyberArk Certified Delivery Engineer (CDE) or CyberArk Defender certification preferred