Key skills
PythonPowerShellAWSAzureGoogle CloudLDAPActive DirectoryIdentity ManagementSentryCommunicationZero Trust
About this role
Position: CyberArk Senior Engineer
Location: Remote
Hiring Mode: 3+ Months Contract
Job Description:
We're seeking a highly skilled and motivated CyberArk Senior Engineer to join our team. The ideal candidate possesses deep technical expertise in the CyberArk, with a specific focus on implementing and managing Endpoint Privilege Manager (EPM). This role is not just about execution; it requires a strong understanding of security architecture principles to design, evolve, and govern the PAM environment.
Key Responsibilities
CyberArk EPM Implementation & Management:
- Co-Lead the planning, installation, configuration, and ongoing maintenance of the CyberArk EPM solution across the enterprise endpoint landscape (Windows, macOS).
- Develop and manage EPM policies, application control rules, and trusted application definitions to enforce least privilege principles and block malicious activity.
- Collaborate with endpoint, infrastructure, and application teams to onboard endpoints and integrate EPM with existing management tools.
Architecture & Design:
- Serve as a trusted Cyberark resource on EPM, and process improvements around EPM.
- Translate high-level business and security requirements into robust, scalable, and secure technical designs and deployment strategies for EPM.
- Provide architectural guidance for the integration of CyberArk components with Identity Providers (IdP), Security Information and Event Management (SIEM), and other critical security infrastructure.
Engineering & Operations:
- Develop and implement automation (e.g., PowerShell, REST APIs) for EPM deployment, policy lifecycle management, and reporting.
- Perform performance tuning, monitoring, and troubleshooting of the CyberArk environment, ensuring high availability and resilience.
- Create and maintain comprehensive documentation, including design documents, runbooks, and operational procedures.
Consultation & Governance:
- Act as a security consultant to business units, explaining the architectural "why" behind EPM policy decisions and providing strategic guidance on privilege removal.
- Conduct regular security reviews and audits of the CyberArk platform to ensure compliance with internal standards and external regulations.
Required Qualifications
- Experience: 5+ years of experience in Information Security, with at least 3+ years dedicated to implementing and engineering CyberArk EPM solutions in a large, complex environment.
- CyberArk Expertise: Mandatory deep hands-on experience with CyberArk Endpoint Privilege Manager (EPM), including policy creation, agent deployment, removing local admin rights, and application control.
- Architecture Knowledge: Proven ability to understand the architectural philosophy of a PAM solution including least privilege, zero trust, shared technology platforms, and segmentation and translate this into practical engineering deliverables.
Technical Skills:
- Expertise in Windows and macOS operating systems, including user privilege models, security hardening, and troubleshooting endpoint-related issues.
- Strong scripting skills (e.g., PowerShell, Python) for automation and integration.
- Solid understanding of Active Directory, LDAP, Kerberos, and other core identity services.
- Communication: Excellent verbal and written communication skills with the ability to articulate complex technical concepts and architectural decisions to technical and non-technical stakeholders.
Preferred Qualifications
- Certifications: CyberArk Certified Defender (CCD), CyberArk Certified Sentry (CCS), or CyberArk Certified Guardian (CCG).
- Cloud Experience: Experience implementing EPM or other PAM solutions in a hybrid or multi-cloud environment (AWS, Azure, Google Cloud Platform).
- Related Technologies: Familiarity with other privileged identity management tools or security concepts like Just-in-Time (JIT) PAM, Secrets Management, and DevOps security practices.