Airitos

PAM Engineer - CyberArk Job Description We are seeking an experienced PAM Engineer with deep CyberArk expertise to join an active implementation project at a major financial services client. CyberArk is already deployed in the environment, and this role will focus on expanding coverage, onboarding accounts, building out integrations, and driving the implementation toward completion. This is a hands-on consulting engagement requiring someone who can hit the ground running with minimal ramp-up. Professional Responsibilities - Onboard privileged accounts across Windows, Linux/Unix, databases, network devices, and cloud platforms into CyberArk Vault - Configure and manage CPM (Central Policy Manager) plugins and policies for automated password rotation - Deploy and troubleshoot PSM (Privileged Session Manager) and PSM for SSH/Web connectors - Build and customize CyberArk platforms, connection components, and usage profiles to meet client requirements - Integrate CyberArk with enterprise directories (Active Directory, LDAP), SIEM, ticketing systems, and MFA providers - Support Secrets Manager / Conjur or Application Access Manager (AAM) implementations for application credential management - Develop and refine safe structures, access control policies, and role-based access workflows - Troubleshoot vault, connector, and component issues across Dev, UAT, and Production environments - Participate in change management processes and document configurations, runbooks, and operational procedures - Collaborate with client security, infrastructure, and application teams to plan and execute onboarding waves - Support audit and compliance requirements by ensuring session recording, access logging, and reporting are properly configured Professional Skills - Strong working knowledge of CyberArk Privileged Access Security (PAS) suite, including Vault, PVWA, CPM, PSM, and AAM/Conjur - Proficiency with CyberArk platform customization, including CPM plugins, PSM connectors, and connection components - Experience with REST API integrations and CyberArk CLI utilities (PACli, RESTAPI) - Solid understanding of Windows Server, Active Directory, Group Policy, and Linux/Unix system administration - Familiarity with networking fundamentals (DNS, firewalls, load balancers) as they relate to CyberArk architecture - Working knowledge of cloud platforms (AWS, Azure, GCP) and managing cloud-native privileged accounts - Strong troubleshooting and log analysis skills across CyberArk components - CyberArk Certified Delivery Engineer (CDE) or CyberArk Defender certification preferred - Clear written and verbal communication skills, comfortable working directly with client stakeholders Professional Experience - 3+ years of hands-on CyberArk implementation and administration experience - Demonstrated experience with large-scale account onboarding and platform buildout projects - Prior consulting or client-facing delivery experience, comfortable operating with autonomy in a client environment - Experience working within regulated industries (financial services, banking, insurance) and familiarity with compliance frameworks such as SOX, PCI-DSS, FFIEC, or NIST is a strong plus - Background in broader IAM or security operations is a plus - Experience participating in change advisory board (CAB) processes and enterprise release management workflows - Remote position, with possible infrequent travel to client site - Must be authorized to work in the USA

• Integrate front-end portal components with IAM APIs for real-time identity creation and provisioning • Deploy and configure APIs on gateways and developer portals • Troubleshoot and resolve API issues using a variety of tools including simulators and log analysis • Perform integration and data transformation between middleware layers, orchestration engines, and IAM platforms. • Work closely with IAM engineers, application teams, and other stakeholders across brands and regions • Support phased global rollout activities across multiple time zones.

• Design and implement enterprise-grade ISAM / ISVA architecture • Install and configure: ISVA Virtual Appliances (Access Control, Federation, Advanced Access Control) • Web Reverse Proxy (WRP) Policy Server Runtime components • Configure clustered deployments for scalability and redundancy • Design and implement multi-tier environments (DEV, QA, PROD) • Implement secure baseline configurations aligned with enterprise standards • Design and configure: Appliance clustering Runtime high availability Session failover and replication Load balancing strategies (F5, Netscaler, etc.) • Implement multi-data center deployments where required • Develop and test disaster recovery procedures • Configure database replication (if applicable) • Perform failover and resiliency testing • Integrate ISAM/ISVA with: Active Directory / LDAP • SAML 2.0 / OIDC / OAuth providers • Enterprise applications (on-prem and cloud) • MFA providers • Implement: Reverse proxy junctions Access control policies Federation trust relationships Adaptive authentication and step-up authentication • Configure advanced access control policies and contextual risk-based access • Tune reverse proxy performance and connection handling • Optimize authentication flows and federation transactions • Conduct performance testing and capacity planning • Troubleshoot latency, session issues, and authentication failures • Automate appliance configuration using REST APIs and scripting • Develop deployment automation (Shell, Python, Ansible, etc.) • Support CI/CD integration for configuration promotion • Implement configuration backup and version control processes • Produce detailed architecture and topology diagrams • Document build procedures and operational runbooks • Provide structured handoff to operations/support teams

• Platform Architecture & Deployment • Design and implement IBM ISIM / ISVG architecture for enterprise environments • Install and configure: WebSphere Application Server (WAS / Liberty) • IBM DB2 (or supported RDBMS) • LDAP directories (e.g., IBM SDS, AD, etc.) • IBM HTTP Server / load balancers • Build multi-tier environments (DEV, QA, PROD) following best practices • Configure clustering for WebSphere and ISIM application components • Implement secure configuration aligned with enterprise security standards • Architect and configure: WebSphere clustering • Database HA (HADR, clustering, replication) • LDAP replication • Load balancing and failover strategies • Develop and test disaster recovery procedures • Implement backup and recovery strategies • Perform failover testing and performance tuning • Integrate ISIM/ISVG with: Active Directory • HR systems • Target applications (via adapters or APIs) • SSO / Federation systems • Configure workflows, provisioning policies, access governance, and certifications • Develop and customize adapters where necessary • Implement role-based access control (RBAC) models • Tune JVMs, connection pools, and database performance • Optimize reconciliation and provisioning performance • Conduct capacity planning and scaling analysis • Monitor and resolve system bottlenecks • Automate builds and deployments using scripting (Shell, Python, Ansible, etc.) • Develop environment provisioning scripts • Support CI/CD integration where applicable • Maintain infrastructure-as-code where possible • Create detailed architecture diagrams and build documentation • Develop operational runbooks • Provide handover documentation to support teams

• Provides expert knowledge and act as a subject matter expert on key principles of Identity and Access Management and expertise with the Auth0 platform • Assist with building out engineering, development and operational support with the adoption of next generation IAM solutions • Experience implementing modern authentication solutions leveraging standard protocols and frameworks such as SAML, OAuth 2.0, OIDC • Engage in the review and design of new IAM solutions to ensure appropriate controls and tools are selected and operationalized • Ensure IT solutions meet requirements for security, availability, capacity , resiliency, and performance in a way that is efficient and supportable, reducing overall support costs • Maintains effective partnerships with teams, vendors, managers, leaders, and stakeholders

• Integrate front-end portal components with IAM APIs for real-time identity creation and provisioning. • Deploy and configure APIs on gateways and developer portals. • Troubleshoot and resolve API issues using a variety of tools including simulators and log analysis. • Perform integration and data transformation between middleware layers, orchestration engines, and IAM platforms. • Work closely with IAM engineers, application teams, and other stakeholders across brands and regions. • Support phased global rollout activities across multiple time zones.