Sr. PAM Engineer

Senior PAM Engineer (CyberArk Privilege Cloud – SaaS)

Location:

Company:

Experience Level:

About the Role

PAM Engineer (CyberArk)

multi-region CyberArk Privilege Cloud (SaaS)

This is a high-impact role where operational excellence meets architectural finesse — perfect for someone who thrives on building secure, scalable, and compliant PAM ecosystems.

Key Responsibilities

• Operate and enhance

  CyberArk Privilege Cloud (Vault, PVWA, PSM, CPM) across

  Western Europe, Asia, and China

  regions.
• Oversee

  Tier-0 and Tier-1 privileged account onboarding

  (Windows, Unix, SAP, Network, DB).
• Administer

  Secure Tunneling and SIA (Zero Standing Privilege)

  integrations for cloud and hybrid assets.
• Conduct daily and weekly

  health checks, license reviews, and governance reporting

  (Safe-level, inventory, and audit decks).
• Implement and maintain

  password rotation, dual-control, and check-in/out policies

  following enterprise compliance standards.
• Collaborate with

  IAM, SOC/SIEM (Splunk), and Network teams

  to ensure monitoring, auditability, and compliance readiness.
• Manage

  regional CAB change requests

  for upgrades, patching, and new integrations (PSM/CPM v14.x).
• Maintain

  runbooks, SOPs, and automation scripts (PowerShell / REST API)

  for repeatable operations.
• Perform

  DNA scans, risk remediation, and license optimization

  in alignment with audit findings.

Required Skills & Experience

• 5+ years of experience in

  Privileged Access Management

  , including

  CyberArk Privilege Cloud or Self-Hosted

  .
• Proven expertise with

  PSM, CPM, PVWA, and Secure Tunnel

  configurations.
• Deep understanding of

  Active Directory integration

  , MFA (Microsoft Authenticator), and

  LDAP-based access controls

  .
• Experience handling

  cross-region governance

  (Europe, Asia, China) and

  CAB-driven change management

  .
• Strong troubleshooting ability: rotation failures, reconciliation issues, DNS/FQDN diagnostics, and connector logs.
• Familiarity with

  SIEM integration

  (Splunk, CEF/LEEF), log correlation, and compliance reporting.
• Hands-on with

  PowerShell automation

  and REST API scripting for account onboarding and health checks.
• Understanding of

  Zero Standing Privilege (SIA)

  and

  Privileged Session Management

  strategies in SaaS environments.

Preferred Qualifications

• CyberArk Certified Delivery Engineer (CDE)

  or

  Trustee certification

  .
• Working knowledge of

  AWS IAM, Azure AD

  , and cloud-native access control models.
• Experience designing PAM playbooks, automation frameworks, or audit dashboards.
• Exposure to

  regulated industries

  (Beverage, Manufacturing, FMCG, or Global Operations).

Why Join Us

• Be part of a

  global IAM transformation initiative

  that defines modern PAM excellence.
• Work alongside top cybersecurity experts across Europe and India.
• Own complex

  Cloud-based PAM architecture

  leveraging secure tunnels, SIA, and multi-region redundancy.
• Gain hands-on exposure to

  next-gen PAM governance, automation, and compliance frameworks

  .

Apply now

• 💼 Send your CV / profile to adithya.srivastava@gspann.com