PAM CYBERARK ENGINEERCountry: Mexico
Santander US – Privileged Access Management (PAM) Senior CyberArk Engineer
Overview
The Senior CyberArk Engineer is responsible for architecting, deploying, and maintaining privileged access security solutions using the CyberArk suite. This role ensures the protection of critical systems, credentials, and privileged accounts while aligning with security best practices and regulatory requirements. The ideal candidate possesses deep hands-on expertise with CyberArk Privileged Access Security (PAS), strong security engineering skills, and experience operating in large, complex environments.
Key Responsibilities
CyberArk Engineering & Administration
1. Design, deploy, configure, and maintain the full on-premises CyberArk Privileged Access Security (PAS) suite, including:Enterprise Password Vault (EPV)Privileged Session Manager (PSM)Privileged Session Manager for SSH (PSM-SSH)Central Policy Manager (CPM)Privileged Threat Analytics (PTA)
2. Implement and maintain CyberArk safes, platforms, policies, and connectors.
3. Integrate CyberArk with enterprise systems, including LDAP/AD, and SIEM ticketing systems, and cloud platforms (AWS, Azure, GCP).
4. Build and maintain custom connectors and plugins for applications and infrastructure.
Security Architecture & Governance
5. Develop and enforce privileged access policies and best practices.
6. Conduct threat modeling and ensure PAM alignment with regulatory frameworks (SOX, GLBA, NYDFS, etc.).
7. Review privileged access workflows and recommend improvements to strengthen security posture.
Automation & Continuous Improvement
8. Automate onboarding of privileged accounts, systems, and applications using REST APIs, PowerShell, Python, or similar tools.
9. Tune CPM/PSM performance, optimize vault operations, and improve automated credential rotation processes.
10. Implement continuous monitoring, alerting, and reporting mechanisms.
Operations & Support
11. Serve as a subject matter expert (SME) for CyberArk-related issues across infrastructure, development, and security teams.
12. Troubleshoot complex vaulting, credential, and session management issues.
13. Perform CyberArk upgrades, patching, health checks, and system hardening.
14. Participate in on-call rotations and provide escalation-level support.
Collaboration & Training
15. Work closely with IAM, security operations, risk, and compliance stakeholders.
16. Provide guidance and mentorship to junior engineers.
17. Develop documentation, runbooks, and best practice guides.
Required Qualifications
18. –+ years of experience in Information Security or Identity and Access Management.
19. –+ years of hands-on CyberArk engineering experience.
20. Strong understanding of privileged access management principles.
21. Proficiency with:PowerShell, Python, or equivalent scripting languagesWindows and Linux administrationActive Directory, LDAP, MFA integrationsNetworking basics (firewalls, proxies, DNS)
22. Experience supporting large-scale, high-availability PAM environments.
Preferred Qualifications
23. CyberArk Defender, Sentry, or Guardian certifications.
24. Experience with:Threat and vulnerability management related to privileged access
25. Background in regulated industries (finance, healthcare, government).
Core Competencies
26. Strong analytical, problem-solving, and debugging skills.
27. Excellent communication and documentation abilities.
28. Ability to lead complex projects with minimal supervision.
29. High attention to detail and commitment to security best practices.