Pam Engineer Cyberark/Iam

For our international customer in Valencia, we are looking for a hybrid PAM (Privileged Access Management) Engineer CyberArk/IAM.

EU candidates are welcome to apply. Candidates need to be based in Valencia or willing to relocate to Valencia. Candidates need to be flexible to work 3 hours in US Eastern Time where requir

ed
Work permit is not provided. Candidates need to be fluent in Engli

sh.
Tasks and responsibilit

• ies:Install, configure, and maintain CyberArk components including Vault, PVWA, CPM, PSM, PTA, and Con
• jur;
  Perform onboarding of privileged accounts across platforms such as Windows, Linux, databases (Oracle, SQL), cloud, and application environments, ensuring proper classification and secure vault
• ing;
  Manage end-to-end privileged account lifecycle including inventory collection, validation, ownership mapping, approval coordination, and onboard
• ing;
  Implement and manage Just-in-Time (JIT) privileged access and session management contr
• ols;
  Enforce password and credential management policies including automated password rotation, password complexity enforcement, and secure credential stor
• age;
  Manage secrets for applications using Conjur or equivalent secrets management soluti
• ons;
  Identify and manage accounts requiring special handling (e.G., service accounts, shared accounts, non-rotating accounts), ensuring appropriate controls and risk mitigat
• ion;
  Monitor password compliance and remediate accounts not adhering to defined rotation or policy standa
• rds;
  Provide Level 2/3 support for PAM-related incidents and service reque
• sts;
  Troubleshoot issues related to CyberArk and integrations with Active Directory, Entra ID (Azure AD), IAM tools, SIEM platforms, and Service
• Now;
  Perform regular health checks, system monitoring, patching, and upgrades of CyberArk infrastruct
• ure;
  Automate PAM processes using scripting and APIs (PowerShell, Python, REST APIs, psPAS) to reduce manual eff
• ort;
  Support bulk onboarding and large-scale privileged account management through automation and standardized meth
• ods;
  Design and support integrations between PAM and enterprise IAM systems (e.G., SailPoint, Saviynt, Entra ID) for identity lifecycle and access governance alignm
• ent;
  Maintain documentation including SOPs, onboarding procedures, runbooks, and automation scri
• pts;
  Collaborate with application, infrastructure, and cloud teams to enforce least privilege access and secure credential us
• age;
  Participate in audit andcompliance activities by providing evidence, reporting, and demonstrating control effectiven
• ess;
  Support governance activities including account recertification, ownership validation, and compliance monitor

ing;
Pro

• file:Bachelor or Master de
• gree;
  +4 years of experience in IT security, IAM, or PAM enginee
• ring;
  Strong hands-on experience with CyberArk PAM suite (Vault, CPM, PSM, P
• VWA);
  Experience with CyberArkConjur or other enterprise secrets management solut
• ions;
  Strong understanding of Just-in-Time (JIT) access and privileged session manage
• ment;
  Experience integrating PAM with IAM platforms (e.G., SailPoint, Saviynt, Entra ID / Azure
• AD);
  Experience managing privileged access in cloud environments (Azure,
• AWS);
  Strong understanding of Windows, Linux, Active Directory, and database systems (Oracle,
• SQL);
  Strong scripting and automation experience (PowerShell, Python, REST A
• PIs);
  Experience with ITSM tools such as ServiceNow and incident/change management proce
• sses;
  Knowledge of security controls, audit frameworks, and compliance stand
• ards;
  Strong analytical and problem-solving sk

ills;
Preferred qualifica

• tions:CyberArk Defender / Sentry certific
• ation;
  Experience implementing Conjur in DevOps / CI-CD environ
• ments;
  Experience with Privileged Threat Analytics (PTA) or advanced monitoring
• tools;
  Exposure to container platforms (Kubernetes, OpenShift) and secrets manag
• ement;
  Familiarity with Zero Trust security archite

cture;