CyberArk PAM Assessment Architect

Back to Jobs

Job Description

CyberArk PAM Assessment Architect
Remote
Contract

Role Overview
We are seeking an experienced CyberArk PAM Assessment Architect to lead
Privileged Access Management (PAM) assessments, architecture reviews, and strategic advisory engagements.
The ideal candidate will possess deep expertise in CyberArk solutions, privileged identity governance, security architecture, and risk management. This role will be responsible for evaluating existing PAM environments, identifying security gaps, developing remediation roadmaps, and providing architectural guidance for CyberArk implementations and optimization initiatives.

Key Responsibilities
PAM Assessment & Advisory
 Conduct comprehensive assessments of Privileged Access Management programs, processes, controls, and technologies.
 Evaluate current-state CyberArk deployments and identify architectural, operational, and security gaps.
 Assess privileged account lifecycle management, credential management, session monitoring, and access governance controls.
 Perform maturity assessments and benchmark PAM capabilities against industry standards and best practices.
 Develop target-state PAM architectures and strategic roadmaps.

Architecture & Design
 Design enterprise-scale CyberArk PAM solutions aligned with security, compliance, and business requirements.
 Provide architectural recommendations for:
o CyberArk Privileged Access Manager (PAM)
o Privileged Session Manager (PSM)
o Privileged Threat Analytics (PTA)
o Central Policy Manager (CPM)
o Privileged Cloud Solutions
o Endpoint Privilege Manager (EPM)
 Review high-availability, disaster recovery, scalability, and performance requirements.
 Define integration strategies with IAM, SIEM, ITSM, Active Directory, Azure AD/Entra ID, cloud platforms, and security tools.

Stakeholder Management
 Engage with security leaders, IAM teams, infrastructure teams, auditors, and business stakeholders.
 Present assessment findings, risk analyses, and remediation recommendations to technical and executive audiences.
 Lead workshops, architecture reviews, and discovery sessions.

Risk & Compliance
 Assess PAM controls against regulatory and compliance frameworks such as:
o NIST
o ISO 27001
o SOX
o PCI-DSS
o HIPAA
o CIS Controls
o CMMC (preferred)
 Identify privileged access risks and recommend mitigation strategies.
Documentation
 Produce assessment reports, architecture diagrams, gap analyses, and implementation roadmaps.
 Document current-state and future-state architectures.
 Develop executive summaries and technical recommendations.

Required Qualifications
 8+ years of Information Security and Identity & Access Management experience.
 5+ years of hands-on CyberArk architecture, assessment, or implementation experience.
 Deep understanding of PAM concepts, privileged account governance, credential vaulting, session management, and least-privilege principles.
 Experience conducting PAM assessments and security architecture reviews.
 Strong understanding of Active Directory, Windows, Linux/Unix, databases, cloud platforms, and enterprise infrastructure.
 Experience integrating CyberArk with IAM, SIEM, ITSM, and cloud environments.
 Excellent client-facing communication and presentation skills.

Preferred Qualifications
 CyberArk certifications such as:
o CyberArk Defender
o CyberArk Sentry
o CyberArk Guardian
 CISSP, CISM, or similar security certifications.
 Experience with cloud PAM solutions across AWS, Azure, and GCP.
 Experience with other PAM technologies such as BeyondTrust, Delinea (Thycotic), or One Identity.

Technical Skills
 CyberArk PAM Suite
 PSM, CPM, PVWA, PTA, EPM
 Active Directory / Entra ID
 LDAP, Kerberos, SAML, OAuth, OIDC
 Windows and Linux Administration
 Azure, AWS, GCP
 SIEM platforms (Splunk, QRadar, Sentinel)
 ITSM tools (ServiceNow)

Job Information

Rate / Salary

$ - $

Sector

Not Specified