Lead System Engineer

About the Role:

We are seeking an experienced Lead System Engineer with deep hands-on expertise in CyberArk PAM and integrations with enterprise IT systems. This role requires designing, configuring, and managing end-to-end privileged access lifecycle, along with automation, troubleshooting, and cross-functional collaboration across DevOps and cloud teams. Experience in SailPoint IdentityNow and Okta is a nice to have.

Primary Responsibilities:

1. Core PAM (CyberArk) Responsibilities:

• Manage and maintain CyberArk components:
  
  • PVWA, PSM, CPM, PTA
• Configure and administer vaults, safes, and privileged account policies.
• Automate password rotation, onboarding, and privileged session workflows.
• Handle account discovery vs. onboarding and conduct mass onboarding.
• Configure, audit, and troubleshoot PSM sessions, access issues, and rotation failures.
• Implement and enforce CyberArk security policies, manage compliance audits.

2. DevOps & Automation Integration:

• Integrate CyberArk with Jenkins, Ansible, and Terraform for secrets automation.
• Use PowerShell, REST API (PSPas), or custom scripts for CyberArk task automation.
• Leverage Conjur Cloud to secure secrets in CI/CD pipelines.
• Align CyberArk management in Infrastructure-as-Code environments.

3. Support & Monitoring:

• Provide L2/L3 support for CyberArk vault issues, session failures, and access errors.
• Monitor and audit privileged activity; generate compliance-ready reports.
• Own remediation of high-risk vulnerabilities, patching, and hardening practices.

Nice to Have:

Technical Environment:

• CyberArk Core PAM (PVWA, PSM, CPM, PTA)
• PowerShell, REST API (PSPas), Python (optional)
• Jenkins, Ansible, Terraform (DevOps tools)
• Active Directory, LDAP
• AWS (basic exposure)
• SailPoint IdentityNow, Okta (basic to intermediate experience)
• ITSM tools: ServiceNow – Incident, Change, and Sprint management