CyberArk PAM Self-Hosted Architect

CyberArk PAM Self-Hosted Architect (with Secrets Manager Enterprise ) – SC Cleared / Eligible

Key Responsibilities

• Own the end-to-end architecture and high-level design for CyberArk PAM Self-Hosted and CyberArk Conjur as strategic platforms for Privileged Access Management and secrets management.
• Define and maintain reference architectures, patterns and standards for onboarding infrastructure, applications, DevOps platforms and third parties into CyberArk.
• Design CyberArk PAM Self-Hosted components (Vault, PVWA, PSM, CPM, PSMP, PTA, DR) for resilience, scalability, segregation of duties and regulatory compliance.
• Architect CyberArk Conjur and Credential Provider to securely manage application, machine and DevOps secrets, including integration with CI/CD pipelines, containers, Kubernetes/OpenShift and cloud platforms.
• Work closely with security, DevOps and infrastructure teams to design integrations with AD/LDAP, identity providers (SAML/OIDC), SIEM (Splunk), ITSM and ticketing tools.
• Lead CyberArk secret management solution installation, configuration, testing and handover the solution to Run and Maintain Team.
• Provide architectural leadership on privileged access risk reduction, including threat modelling, control selection and alignment with security policies and standards.
• Act as a trusted advisor to senior stakeholders (CISO, security architecture, platform owners, programme management), explaining PAM and secrets architectures in clear business terms.
• Govern and review detailed designs and implementation by SMEs and delivery partners to ensure conformance with architecture and security requirements.
• Contribute to roadmaps, business cases and investment planning for PAM and secrets management capabilities.
• Provide technical oversight and mentorship to PAM and DevOps teams, promoting best practice and knowledge sharing.

Required Skills and Experience

• Significant experience (typically 7+ years) in cybersecurity architecture, including a deep understanding of Privileged Access Management (PAM) in complex, regulated environments.
• Proven, hands-on architectural experience with CyberArk PAM Self-Hosted, including most of: Vault, PVWA, PSM, CPM, PSMP, PTA, DR and associated components.
• Strong experience designing and integrating CyberArk Secret management solution Conjur and Credential provider for application and DevOps secrets management.
• Demonstrable experience designing CyberArk integrations with Microsoft Active Directory/LDAP, identity providers (SAML/OIDC), SIEM, ITSM and ticketing tools and one MFA tool
• Understanding of DevOps and cloud-native ecosystems (e.g. Kubernetes, Jenkins, OpenShift, CI/CD pipelines, infrastructure-as-code) and how to embed CyberArk Conjur in these.
• Solid awareness of security and audit expectations (e.g. NCSC guidance, ISO 27001, NIST, FCA/financial or government standards).
• Strong stakeholder management skills, with the ability to communicate complex PAM and secrets topics to technical and non-technical stakeholders, up to senior management.
• Experience working in or with secure, classified or national security-related environments.
• Excellent documentation skills (HLD/LLD, patterns, design decisions) and ability to provide clear architectural direction.
• Has hands on experience of leading and delivering several CyberArk PAM and secret management projects.

Desirable Qualifications/Certifications

• CyberArk Certifications Sentry, CDE or Guardian focusing on PAM Self-Hosted