Title: PAM (CyberArk) Engineer
Location: Bulgaria and Spain (Remote)
Employment Contract. (C2H)
Job Description:
The PAM Engineer is responsible for the deployment, administration, and operational management of Privileged Access Management (PAM) solutions, ensuring secure onboarding, governance, and lifecycle management of privileged accounts and secrets across on-premises and cloud environments. The engineer implements strong credential management controls, Just-in-Time (JIT) access, secrets management, and automation of PAM processes while maintaining compliance with organizational security and audit requirements
.KEY RESPONSIBILITIE
S• Install, configure, and maintain CyberArk components including Vault, PVWA, CPM, PSM, PTA, and Conju
r• Perform onboarding of privileged accounts across platforms such as Windows, Linux, databases (Oracle, SQL), cloud, and application environments, ensuring proper classification and secure vaultin
g• Manage end-to-end privileged account lifecycle including inventory collection, validation, ownership mapping, approval coordination, and onboardin
g• Implement and manage Just-in-Time (JIT) privileged access and session management control
s• Enforce password and credential management policies including automated password rotation, password complexity enforcement, and secure credential storag
e• Manage secrets for applications using Conjur or equivalent secrets management solution
s• Identify and manage accounts requiring special handling (e.g., service accounts, shared accounts, non-rotating accounts), ensuring appropriate controls and risk mitigatio
n• Monitor password compliance and remediate accounts not adhering to defined rotation or policy standard
s• Provide Level 2/3 support for PAM-related incidents and service request
s• Troubleshoot issues related to CyberArk and integrations with Active Directory, Entra ID (Azure AD), IAM tools, SIEM platforms, and ServiceNo
w• Perform regular health checks, system monitoring, patching, and upgrades of CyberArk infrastructur
e• Automate PAM processes using scripting and APIs (PowerShell, Python, REST APIs, psPAS) to reduce manual effor
t• Support bulk onboarding and large-scale privileged account management through automation and standardized method
s• Design and support integrations between PAM and enterprise IAM systems (e.g., SailPoint, Saviynt, Entra ID) for identity lifecycle and access governance alignmen
t• Maintain documentation including SOPs, onboarding procedures, runbooks, and automation script
s• Collaborate with application, infrastructure, and cloud teams to enforce least privilege access and secure credential usag
e• Participate in audit and compliance activities by providing evidence, reporting, and demonstrating control effectivenes
s• Support governance activities including account recertification, ownership validation, and compliance monitorin
g
REQUIRED SKILLS & QUALIFICATIO
NS• Bachelor's degree in Computer Science, Information Security, or related fie
ld• 4–8 years of experience in IT security, IAM, or PAM engineeri
ng• Strong hands-on experience with CyberArk PAM suite (Vault, CPM, PSM, PVW
A)• Experience with CyberArk Conjur or other enterprise secrets management solutio
ns• Strong understanding of Just-in-Time (JIT) access and privileged session manageme
nt• Experience integrating PAM with IAM platforms (e.g., SailPoint, Saviynt, Entra ID / Azure A
D)• Experience managing privileged access in cloud environments (Azure, AW
S)• Strong understanding of Windows, Linux, Active Directory, and database systems (Oracle, SQ
L)• Strong scripting and automation experience (PowerShell, Python, REST API
s)• Experience with ITSM tools such as ServiceNow and incident/change management process
es• Knowledge of security controls, audit frameworks, and compliance standar
ds• Strong analytical and problem-solving skil
ls
PREFERRED QUALIFICATIO
NS:• CyberArk Defender / Sentry certificat
ion• Experience implementing Conjur in DevOps / CI-CD environme
nts• Experience with Privileged Threat Analytics (PTA) or advanced monitoring to
ols• Exposure to container platforms (Kubernetes, OpenShift) and secrets managem
ent• Familiarity with Zero Trust security architect
ure
SOFT SKIL
LS :• Strong analytical and troubleshooting abili
ties• Ability to work independently and within cross-functional t
eams• Excellent communication skills with both technical and non-technical stakehol
ders• Attention to detail and commitment to security best pract
ices