· Design, implement, and manage CyberArk Privileged Access Management (PAM) solutions to safeguard critical infrastructure and sensitive credentials across the organization. Serve as a Subject Matter Expert (SME) for CyberArk, driving PAM strategy, enforcing least-privilege principles, and ensuring compliance with security policies and regulatory requirements.
· Implement and maintain security measures to protect an organization's cloud infrastructure, networks, and data. Work on monitoring security systems, identifying and responding to security incidents, and performing vulnerability assessments across cloud platforms.
Key Accountabilities
Strategic Activities
PAM Architecture & Implementation: Lead the end-to-end design, deployment, and configuration of CyberArk components including EPV (Enterprise Password Vault), CPM (Central Policy Manager), PVWA (Password Vault Web Access), PSM (Privileged Session Manager), PSMP, AIM/AAM, and PTA (Privileged Threat Analytics).
Onboarding & Safe Management: Manage the onboarding of privileged accounts (Windows, Unix/Linux, databases, network devices, cloud platforms) into CyberArk vaults, configure Safes, platforms, and Master Policy in alignment with organizational security standards.
Session Management & Monitoring: Configure and manage Privileged Session Manager (PSM) for session recording, monitoring, and auditing of privileged user activity to support forensic investigations and compliance requirements.
Credential & Secret Management: Implement and maintain CyberArk Application Identity Manager (AIM/AAM) and Secrets Manager for secure application-to-application credential management, eliminating hard-coded credentials.
Security Policy Enforcement: Define and enforce least-privilege access controls, implement dual-control workflows, enforce password rotation policies, and ensure continuous alignment with CyberArk best practices and vendor recommendations.
Incident Response & Threat Analytics: Utilize CyberArk PTA to detect, investigate, and respond to anomalous privileged access behaviour; collaborate with the SOC team on PAM-related security incidents.
Integrations: Integrate CyberArk with enterprise SIEM, ITSM (ServiceNow), Active Directory/LDAP, MFA solutions, and ticketing systems to enable automated workflows and centralized visibility.
Upgrades & Patching: Plan and execute CyberArk component upgrades, patching, and hotfix deployments with minimal operational disruption, following change management processes.
Compliance & Audit Support: Produce evidence, reports, and documentation to satisfy internal and external audits (ISO 27001, SOC 2, PCI-DSS, NIST, etc.) related to privileged access management.
Documentation & Knowledge Sharing: Maintain comprehensive technical documentation including runbooks, SOP guides, architecture diagrams, and training materials; mentor junior team members on PAM concepts and CyberArk tooling.
Any other additional responsibility could be assigned to the role holder from time to time as a standalone project or regular work. The same would be suitably represented in the Primary responsibilities and agreed between the incumbent, reporting officer and HR.
Skills Required for the role
Deep hands-on expertise in CyberArk PAM components: EPV, CPM, PVWA, PSM, PSMP, AIM/AAM, and PTA.
Solid understanding of identity and access management (IAM) principles and zero-trust security models.
Proficiency in scripting (PowerShell, Python, or REST API calls) to automate CyberArk administrative tasks.
Strong knowledge of Windows Server, Active Directory, Unix/Linux systems, and network security fundamentals.
Excellent problem-solving, analytical thinking, and incident-handling skills under pressure.
Strong communication skills with the ability to articulate technical concepts to non-technical stakeholders.
D. Educational and Experience Requirements
Minimum Education Requirement
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent work experience may be considered.
Minimum Requirement
Desired
Experience
2-4+ years of hands-on CyberArk SME experience covering:
EPV, CPM, PVWA, PSM, PSMP deployment and administration
AIM/AAM and Secrets Manager configuration
Privileged Threat Analytics (PTA) setup and tuning
Platform and Safe management
· CyberArk REST API / PACLI usage.
Master's degree in Cybersecurity, Information Assurance, or related discipline.
Experience in cloud PAM (AWS, Azure, GCP) using CyberArk Cloud Entitlements Manager or equivalent
Prior exposure to DevSecOps / CI-CD secrets management pipelines
Experience working in regulated industries (BFSI, Healthcare, Energy, Aviation)
Familiarity with competing PAM tools (BeyondTrust, Thycotic/Delinea)