Senior PAM Engineer - CyberArk (Remote in the US)

We're looking for a Senior CyberArk Engineer to design, implement, and optimize Privileged Access Management (PAM) solutions for our clients. This role is ideal for someone with a strong professional services or consulting background — you've worked across multiple client environments, managed competing priorities, and know how to translate business requirements into secure, scalable CyberArk architectures.

This is a 100% remote position but applicants must be in the US to be considered.

• Lead end-to-end CyberArk implementations, upgrades, and migrations across diverse client environments (on-prem, hybrid, and cloud)
• Design and deploy core CyberArk components: Vault, CPM, PVWA, PSM, PSMP, and PTA
• Conduct discovery workshops with client stakeholders to gather requirements and define PAM strategy and architecture
• Develop and execute onboarding plans for privileged accounts (Windows, Unix/Linux, databases, network devices, cloud platforms)
• Integrate CyberArk with adjacent systems (SIEM, ITSM, IAM, ticketing tools, AD/LDAP) via REST APIs and connectors
• Create platform configurations, custom connectors, and PSM plugins/recordings for non-standard target systems
• Produce clear, client-ready documentation: solution designs, runbooks, architecture diagrams, and knowledge transfer materials
• Manage project timelines, scope, and client communications, often across multiple concurrent engagements
• Troubleshoot complex production issues and provide escalation support
• Mentor junior engineers and contribute to internal methodology, accelerators, and best-practice playbooks
• Stay current on CyberArk product roadmap, releases, and emerging PAM/identity security trends
• Embraces emerging technologies, including AI tools, to work smarter, solve problems, and drive better business outcomes

• 5+ years of hands-on CyberArk experience, including at least 2+ years in a professional services, consulting, or systems integrator environment
• Demonstrated experience leading or playing a key role in multiple full-lifecycle CyberArk implementations for different clients
• Deep technical knowledge of CyberArk PAS suite (Vault, CPM, PVWA, PSM, PSMP, PTA/PTA-EPM)
• Experience with platform onboarding across varied target types (Windows, Unix/Linux, databases, network/security devices, cloud IAM)
• Strong scripting skills (PowerShell, Python, or similar) for automation and custom integrations
• Familiarity with REST APIs and experience building or supporting CyberArk integrations
• Excellent client-facing communication skills — comfortable presenting to both technical teams and executive stakeholders
• Ability to manage ambiguity, shifting priorities, and multiple client engagements simultaneously
• Strong documentation skills and attention to detail

• CyberArk certifications (CDE, Sentry, Defender, or equivalent)
• Experience with CyberArk cloud offerings (Privilege Cloud, Identity Security Platform)
• Exposure to other IAM/PAM tools (BeyondTrust, Delinea, SailPoint, Okta) for comparative or migration context
• Experience with DevOps/Secrets Manager use cases (CyberArk Conjur, AAM)
• Background in regulated industries (finance, healthcare, government) and associated compliance frameworks (SOX, HIPAA, PCI-DSS)