Role: CyberArk PAM EngineerRole Overview
Design, develop, and implement CyberArk PAM solutions across enterprise environments. Customize core components (PVWA, CPM, PSM, PSM SSH) and manage end-to-end privileged access lifecycle.
Key Responsibilities
- Implement and manage CyberArk Vault, PVWA, CPM, PSM
- Onboard privileged, service, and application accounts (Windows, Unix/Linux, DB, network, cloud)
- Develop custom plugins, REST API integrations, and automation scripts
- Configure password rotation, credential checkout, session recording
- Integrate CyberArk with IAM / CIAM / IGA tools (SailPoint, Azure AD, LDAP)
- Perform PAM upgrades, patching, and platform hardening
- Troubleshoot performance issues and platform bottlenecks
- Ensure compliance with SOX, ISO 27001, SOC
- Create technical documentation, onboarding standards, runbooks
- Collaborate with security, cloud, infra, and app teams
- Provide L3 support and mentor junior engineers
Essential Skills (Hard Skills)
- CyberArk PAM expertise (3–5+ years): Vault, PVWA, CPM, PSM, Safe design, access policies
- Strong scripting: PowerShell (preferred), Python, Shell
- Experience with REST APIs, JSON, web services
- Knowledge of PAM concepts: least privilege, credential vaulting, session monitoring
- Hands-on with Active Directory, LDAP, Windows, Unix/Linux
- Exposure to cloud platforms: AWS, Azure, GCP
Soft Skills
- Strong problem-solving and troubleshooting
- Ability to work independently and lead implementations
- Effective communication and cross-team collaboration
- Mentorship and knowledge sharing
- Detail-oriented with documentation skills
Experience
- 5+ years in Cybersecurity / IAM / PAM engineering
- Experience in enterprise-scale, regulated environments
Certifications (Preferred)
- CyberArk Defender (PAM)
- CISSP / CISM (nice to have)
- Cloud certifications (AWS / Azure – plus)
Job Type: Full-time
Pay: $70.00-$90.00 per hour
Work Location: Hybrid remote in Brampton, ON
