PAM Engineer

Role: CyberArk PAM Administration

Location: Hyderabad

Type: Fulltime

Experience: 7+ Years

Must have:

Roles and Responsibilities:

Technical Skills:

The CyberArk Administrator is responsible for day-to-day operational monitoring, account provisioning, access troubleshooting, complex account onboarding, policy tuning, platform creation/modification, system troubleshooting , security governance, platform expansion, automation and execution of runbook-defined BAU activities in the CyberArk PAM environment. L1 is the first line of defense ensuring system availability, password rotation success, and handling basic service requests.

• Monitor CyberArk Dashboard and PVWA (Password Vault Web Access) health.

• Check Vault, CPM service availability and alert dashboards.

• Review and resolve password rotation failures (via CPM logs).

• Perform onboarding/offboarding of privileged accounts following runbook steps.

• Validate user access provisioning (Safe membership, platform mapping).

• Handle user requests — password retrieval errors, access unlocks, Safe access issues.

• Validate system backups and CPM job completion.

• Reconcile orphan accounts and validate platform compliance.

• Perform Safe permission audits and share reports

• Test vault connectivity from integrated servers and devices..

• Track recurring password rotation issues

• Repeated password rotation failures not resolvable via standard runbook.

• CPM, PVWA, or PSM service failures.

• Integration or platform issues needing script or configuration changes.

• Perform advanced troubleshooting (Vault/CPM/PSM logs, policy validation).

• Manage CPM platforms – create/modify platform settings and plugin parameters.

• Handle user and application onboarding, Safe structuring, and group-based access control.

• Execute and test password management for custom applications and devices.

• Monitor and maintain integration with AD, ticketing tools, and SIEM systems.

• Support periodic password change jobs, rotation exceptions, and platform tuning.

• Manage onboarding of new applications, servers, and privileged accounts.

• Coordinate with InfoSec and application teams for policy compliance.

• Develop scripts for automation of onboarding or health monitoring.

• Support audit and evidence collection

• Oversee all P1/P2 incidents and perform RCA.

• Lead platform architecture design and optimization.

• Approve and review configuration changes and new integrations.

• Manage high-severity vault or PSM/CPM service issues.

• Mentor L1/L2 teams; conduct technical knowledge transfer sessions.

• Monitor performance and resource usage (Vault sizing, CPM load, etc.).

• Plan and implement CyberArk upgrades, patch management, and DR drills.

• Review PAM architecture for scalability, redundancy, and compliance.

• Drive automation through API-based integrations or DevOps pipelines.

• Define and maintain CyberArk security policies and standards.

• Conduct internal and external audit readiness reviews.