Cyberark PAM Self-Hosted Architect

• +6 months +
• +Fully remote working
• +SC cleared role - must be elligible for clearance

Are you an experienced CyberArk Architect who can define and deliver enterprise-grade PAM and secrets-management platforms in secure, complex environments? We are seeking a highly skilled CyberArk PAM Self-Hosted Architect to take ownership of architectural strategy, design and integration across a major organisation.

This role is ideal for a senior expert who thrives on shaping security platforms, influencing stakeholders, and guiding delivery teams through best-practice implementation.

• Own the end-to-end architecture and high-level design for CyberArk PAM Self-Hosted and CyberArk Conjur, defining these as strategic platforms for privileged access and secrets management.
• Establish and maintain reference architectures, patterns, and standards for onboarding infrastructure, applications, DevOps platforms and third parties into CyberArk.
• Architect CyberArk PAM Self-Hosted components-Vault, PVWA, PSM, CPM, PSMP, PTA, DR-ensuring resilience, scalability, operational segregation and regulatory compliance.
• Design CyberArk Conjur / Secrets Manager Enterprise & Credential Provider for secure management of application, machine and DevOps secrets, integrating with:
  • CI/CD pipelines
  • Containers and Kubernetes/OpenShift
  • Multi-cloud platforms
• Collaborate with security, DevOps and infrastructure teams to integrate CyberArk with AD/LDAP, SAML/OIDC identity providers, SIEM (e.g. Splunk), ITSM, and MFA solutions.
• Lead installation, configuration, testing and handover of CyberArk secrets-management solutions into Run & Maintain teams.
• Provide architectural leadership on privileged access risk reduction through threat modelling, control selection and adherence to security policies.
• Act as a trusted advisor to senior stakeholders (CISO, security architects, platform owners, programme leadership), translating complex PAM/secret-management designs into clear business outcomes.

• Typically 7+ years' experience in cybersecurity architecture, with strong PAM expertise in complex and regulated environments.
• Proven hands-on architectural experience with CyberArk PAM Self-Hosted, including most of: Vault, PVWA, PSM, CPM, PSMP, PTA, DR.
• Strong experience designing and integrating CyberArk Conjur / Credential Provider for application and DevOps secrets.
• Demonstrable experience integrating CyberArk with:
  • AD/LDAP
  • SAML/OIDC identity providers
  • SIEM tools
  • ITSM/ticketing systems
  • At least one MFA platform
• Solid understanding of DevOps and cloud-native ecosystems, including Kubernetes, OpenShift, containers, Jenkins, CI/CD and IaC, and embedding CyberArk Conjur into these pipelines.
• Strong awareness of security and audit standards (NCSC, ISO 27001, NIST, FCA/financial, government).
• Excellent communication and stakeholder management skills, able to articulate PAM and secrets architecture to both technical and non-technical audiences.
• Experience working in or with secure, classified or national security environments.
• Strong documentation skills (HLDs, LLDs, design patterns, architecture decisions).
• Proven track record leading and delivering multiple CyberArk PAM and secrets-management projects.

If you'd like to discuss this CyberArk PAM Self-Hosted Architect in more detail, please send your updated CV to (url removed) and I will get in touch.