CyberArk PAM Self-Hosted Architect

+6 months +

+Fully remote working

+SC cleared role - must be elligible for clearance

Are you an experienced CyberArk Architect who can define and deliver enterprise‑grade PAM and secrets-management platforms in secure, complex environments? We are seeking a highly skilled CyberArk PAM Self-Hosted Architect to take ownership of architectural strategy, design and integration across a major organisation.

This role is ideal for a senior expert who thrives on shaping security platforms, influencing stakeholders, and guiding delivery teams through best‑practice implementation.

• Own the end‑to‑end architecture and high‑level design for CyberArk PAM Self‑Hosted and CyberArk Conjur, defining these as strategic platforms for privileged access and secrets management.

• Establish and maintain reference architectures, patterns, and standards for onboarding infrastructure, applications, DevOps platforms and third parties into CyberArk.

• Architect CyberArk PAM Self‑Hosted components-Vault, PVWA, PSM, CPM, PSMP, PTA, DR-ensuring resilience, scalability, operational segregation and regulatory compliance.

• Design CyberArk Conjur / Secrets Manager Enterprise & Credential Provider for secure management of application, machine and DevOps secrets, integrating with:

  • CI/CD pipelines
  • Containers and Kubernetes/OpenShift
  • Multi‑cloud platforms

• Collaborate with security, DevOps and infrastructure teams to integrate CyberArk with AD/LDAP, SAML/OIDC identity providers, SIEM (e.g. Splunk), ITSM, and MFA solutions.

• Lead installation, configuration, testing and handover of CyberArk secrets‑management solutions into Run & Maintain teams.

• Provide architectural leadership on privileged access risk reduction through threat modelling, control selection and adherence to security policies.

• Act as a trusted advisor to senior stakeholders (CISO, security architects, platform owners, programme leadership), translating complex PAM/secret‑management designs into clear business outcomes.

• Typically 7+ years' experience in cybersecurity architecture, with strong PAM expertise in complex and regulated environments.

• Proven hands‑on architectural experience with CyberArk PAM Self‑Hosted, including most of: Vault, PVWA, PSM, CPM, PSMP, PTA, DR.

• Strong experience designing and integrating CyberArk Conjur / Credential Provider for application and DevOps secrets.

• Demonstrable experience integrating CyberArk with:

  • AD/LDAP
  • SAML/OIDC identity providers
  • SIEM tools
  • ITSM/ticketing systems
  • At least one MFA platform

• Solid understanding of DevOps and cloud‑native ecosystems, including Kubernetes, OpenShift, containers, Jenkins, CI/CD and IaC, and embedding CyberArk Conjur into these pipelines.

• Strong awareness of security and audit standards (NCSC, ISO 27001, NIST, FCA/financial, government).

• Excellent communication and stakeholder management skills, able to articulate PAM and secrets architecture to both technical and non‑technical audiences.

• Experience working in or with secure, classified or national security environments.

• Strong documentation skills (HLDs, LLDs, design patterns, architecture decisions).

• Proven track record leading and delivering multiple CyberArk PAM and secrets‑management projects.

If you'd like to discuss this CyberArk PAM Self‑Hosted Architect in more detail, please send your updated CV to chloe.manerowkski@cbsbutler.com and I will get in touch.