Senior PAM Engineer - CyberArk (Remote in the US)
About the Role
We're looking for a Senior CyberArk Engineer to design, implement, and optimize Privileged Access Management (PAM) solutions for our clients. This role is ideal for someone with a strong professional services or consulting background — you've worked across multiple client environments, managed competing priorities, and know how to translate business requirements into secure, scalable CyberArk architectures.
This is a 100% remote position but applicants must be in the US to be considered.
What You'll Do
Lead end-to-end CyberArk implementations, upgrades, and migrations across diverse client environments (on-prem, hybrid, and cloud)
Design and deploy core CyberArk components: Vault, CPM, PVWA, PSM, PSMP, and PTA
Conduct discovery workshops with client stakeholders to gather requirements and define PAM strategy and architecture
Develop and execute onboarding plans for privileged accounts (Windows, Unix/Linux, databases, network devices, cloud platforms)
Integrate CyberArk with adjacent systems (SIEM, ITSM, IAM, ticketing tools, AD/LDAP) via REST APIs and connectors
Create platform configurations, custom connectors, and PSM plugins/recordings for non-standard target systems
Produce clear, client-ready documentation: solution designs, runbooks, architecture diagrams, and knowledge transfer materials
Manage project timelines, scope, and client communications, often across multiple concurrent engagements
Troubleshoot complex production issues and provide escalation support
Mentor junior engineers and contribute to internal methodology, accelerators, and best-practice playbooks
Stay current on CyberArk product roadmap, releases, and emerging PAM/identity security trends
Embraces emerging technologies, including AI tools, to work smarter, solve problems, and drive better business outcomes
What We're Looking For
Required
5+ years of hands-on CyberArk experience, including at least 2+ years in a professional services, consulting, or systems integrator environment
Demonstrated experience leading or playing a key role in multiple full-lifecycle CyberArk implementations for different clients
Deep technical knowledge of CyberArk PAS suite (Vault, CPM, PVWA, PSM, PSMP, PTA/PTA-EPM)
Experience with platform onboarding across varied target types (Windows, Unix/Linux, databases, network/security devices, cloud IAM)
Strong scripting skills (PowerShell, Python, or similar) for automation and custom integrations
Familiarity with REST APIs and experience building or supporting CyberArk integrations
Excellent client-facing communication skills — comfortable presenting to both technical teams and executive stakeholders
Ability to manage ambiguity, shifting priorities, and multiple client engagements simultaneously
Strong documentation skills and attention to detail
Preferred
CyberArk certifications (CDE, Sentry, Defender, or equivalent)
Experience with CyberArk cloud offerings (Privilege Cloud, Identity Security Platform)
Exposure to other IAM/PAM tools (BeyondTrust, Delinea, SailPoint, Okta) for comparative or migration context
Experience with DevOps/Secrets Manager use cases (CyberArk Conjur, AAM)
Background in regulated industries (finance, healthcare, government) and associated compliance frameworks (SOX, HIPAA, PCI-DSS)