Lead CyberArk Engineer

We are seeking a skilled and driven Lead CyberArk Engineer to lead the deployment, integration, and management of the CyberArk platform across the BeSEE region.

In this role, you will focus on securing privileged access to critical infrastructure by implementing innovative capabilities such as Just-in-Time access, password vaulting, session recording, and real-time monitoring. As part of a collaborative team, you will work closely with local and global stakeholders to ensure the successful onboarding and protection of essential assets.

Responsibilities

• Configure, integrate, and support the centralized PAM solution across on-prem and hybrid infrastructures
• Install, harden, and maintain CyberArk Vault servers on Windows Server environments
• Configure and manage core CyberArk components such as the Digital Vault, PVWA, CPM, PSM, PSM for SSH, and AAM/Credential Provider
• Develop and customize CPM plugins and PSM connection components for seamless target system integration
• Automate privileged account onboarding and management through PowerShell scripting, PACli, and the CyberArk REST API
• Enable and manage secure privileged access for both personal and non-personal accounts, including service accounts
• Implement core PAM capabilities, including Just-in-Time (JIT) access, session recording with forensic analysis, and automated credential vaulting and rotation
• Ensure seamless integration of PAM solutions with existing IAM platforms such as IGA and Active Directory/Entra ID
• Maintain detailed documentation regarding configurations, onboarding workflows, policies, and audit controls
• Troubleshoot CyberArk-related technical issues and remediate onboarding challenges effectively
• Provide technical advice and input on PAM architectural designs to ensure continuous improvement

Requirements

• 5+ years of proven experience in on-prem CyberArk engineering and administration
• At least 1 year of relevant leadership experience
• Strong knowledge of CyberArk components, including Digital Vault, PVWA, CPM, PSM, and AAM/Credential Provider
• Proficiency in PowerShell scripting and CyberArk REST API for automation and bulk-environment management
• Experience in configuring, developing, or customizing CPM plugins and PSM connectors
• Experience with implementing password vaulting, session recording, and JIT access functionality
• CyberArk Certified Delivery Engineer (CDE) certification is strongly preferred
• Strong troubleshooting skills with the ability to address system-related issues and accommodate business needs securely
• Fluent English communication skills at C1 level