Title: PAM (CyberArk) EngineerLocation: Bulgaria and Spain (Remote)Employment Contract. (C2H)Job Description:The PAM Engineer is responsible for the deployment, administration, and operational management of Privileged Access Management (PAM) solutions, ensuring secure onboarding, governance, and lifecycle management of privileged accounts and secrets across on-premises and cloud environments. The engineer implements strong credential management controls, Just-in-Time (JIT) access, secrets management, and automation of PAM processes while maintaining compliance with organizational security and audit requirements.KEY RESPONSIBILITIES
- Install, configure, and maintain CyberArk components including Vault, PVWA, CPM, PSM, PTA, and Conjur
- Perform onboarding of privileged accounts across platforms such as Windows, Linux, databases (Oracle, SQL), cloud, and application environments, ensuring proper classification and secure vaulting
- Manage end-to-end privileged account lifecycle including inventory collection, validation, ownership mapping, approval coordination, and onboarding
- Implement and manage Just-in-Time (JIT) privileged access and session management controls
- Enforce password and credential management policies including automated password rotation, password complexity enforcement, and secure credential storage
- Manage secrets for applications using Conjur or equivalent secrets management solutions
- Identify and manage accounts requiring special handling (e.G., service accounts, shared accounts, non-rotating accounts), ensuring appropriate controls and risk mitigation
- Monitor password compliance and remediate accounts not adhering to defined rotation or policy standards
- Provide Level 2/3 support for PAM-related incidents and service requests
- Troubleshoot issues related to CyberArk and integrations with Active Directory, Entra ID (Azure AD), IAM tools, SIEM platforms, and ServiceNow
- Perform regular health checks, system monitoring, patching, and upgrades of CyberArk infrastructure
- Automate PAM processes using scripting and APIs (PowerShell, Python, REST APIs, psPAS) to reduce manual effort
- Support bulk onboarding and large-scale privileged account management through automation and standardized methods
- Design and support integrations between PAM and enterprise IAM systems (e.G., SailPoint, Saviynt, Entra ID) for identity lifecycle and access governance alignment
- Maintain documentation including SOPs, onboarding procedures, runbooks, and automation scripts
- Collaborate with application, infrastructure, and cloud teams to enforce least privilege access and secure credential usage
- Participate in audit and compliance activities by providing evidence, reporting, and demonstrating control effectiveness
- Support governance activities including account recertification, ownership validation, and compliance monitoringREQUIRED SKILLS & QUALIFICATIONS
- Bachelor’s degree in Computer Science, Information Security, or related field
- 4–8 years of experience in IT security, IAM, or PAM engineering
- Strong hands-on experience with CyberArk PAM suite (Vault, CPM, PSM, PVWA)
- Experience with CyberArk Conjur or other enterprise secrets management solutions
- Strong understanding of Just-in-Time (JIT) access and privileged session management
- Experience integrating PAM with IAM platforms (e.G., SailPoint, Saviynt, Entra ID / Azure AD)
- Experience managing privileged access in cloud environments (Azure, AWS)
- Strong understanding of Windows, Linux, Active Directory, and database systems (Oracle, SQL)
- Strong scripting and automation experience (PowerShell, Python, REST APIs)
- Experience with ITSM tools such as ServiceNow and incident/change management processes
- Knowledge of security controls, audit frameworks, and compliance standards
- Strong analytical and problem-solving skillsPREFERRED QUALIFICATIONS:
- CyberArk Defender / Sentry certification
- Experience implementing Conjur in DevOps / CI-CD environments
- Experience with Privileged Threat Analytics (PTA) or advanced monitoring tools
- Exposure to container platforms (Kubernetes, OpenShift) and secrets management
- Familiarity with Zero Trust security architectureSOFT SKILLS :
- Strong analytical and troubleshooting abilities
- Ability to work independently and within cross-functional teams
- Excellent communication skills with both technical and non-technical stakeholders
- Attention to detail and commitment to security best practices