Home
Explore roles
Explore companies
Log in
Sign up
Roles
Initialize IT
PAM (CyberArk) Architect
Explore roles
Initialize IT
PAM (CyberArk) Architect
£600,000
London
Hybrid
RECENTLY POSTED
Graduate
Junior
Mid
Senior
Leader
Description

PAM (CyberArk) Architect - 2 days London/Hybrid - £600 - urgent!

Required Experience

  • IAM/PAM roles with 3+ years as a CyberArk Architect.
  • Hands-on experience designing and implementing: CyberArk Vault, PSM/PSMP, CPM and PVWA
  • Strong understanding of privileged account classification, credential rotation, session monitoring, and JIT models.
  • Experience onboarding:
  • Windows/Linux Servers
  • Databases
  • Network devices
  • Cloud services (AWS/Azure)
  • Experience integrating CyberArk with ServiceNow, SIEM, SSO, and enterprise directories.

Working on an Identity & Access Management (IAM) as part of an IT Controls Remediation programme delivering Privileged Access Management (PAM) with CyberArk and Identity Governance & Administration (IGA) with Saviynt. Further Integration with Workday (HR) as the authoritative source of identity and ServiceNow for access request workflows and operational processes.

You will define and deliver the end-to-end architecture for a major Privileged Access Management implementation. This includes design of the CyberArk CorePAS platform, onboarding strategy for privileged accounts, vaulting, session control, credential rotation, JIT access, and integration with enterprise systems including AD, Entra ID, ServiceNow, and infrastructure/security tooling.

The role will be responsible for ensuring strong security foundations, scalable platform design, privileged account discovery, and embedding operational processes aligned to enterprise security controls.

Architectural Design

  • Own the overall CyberArk architectural blueprint, covering:
  • Vault environment
  • PSM (Privileged Session Manager)
  • CPM (Credential Provider Manager)
  • Conjur or Alero (if applicable)
  • EPM (Endpoint Privilege Management)
  • JIT access and least privilege models
  • Produce architectural artefacts: HLD, LLD, data flow diagrams, platform topology.

Privileged Access Strategy

  • Define privileged account onboarding strategy and classification model.
  • Develop vaulting and credential rotation standards.
  • Create session monitoring and audit strategies.
  • Architect PAM operational model (day-to-day vault admin, break-glass, emergency access).

Integration Architecture

  • Integrate CyberArk with:
  • AD/Entra ID for authentication and group-based access
  • Windows/Linux/UNIX Servers
  • Databases, network devices, cloud platforms
  • ServiceNow for privileged access request workflows
  • SIEM/SOAR for alerting and monitoring
  • Define API integrations for application credential management.

Security & Governance

  • Ensure PAM design aligns to:
  • Zero Trust
  • NIST 800-53/800-63
  • CIS Controls
  • Internal SOX/ISO27001 requirements
  • Implement controls for least privilege, JIT elevation, and removal of standing privileges.

Technical Leadership

  • Act as the technical authority for PAM engineering teams.
  • Validate configurations, policies, platform hardening, and onboarding plans.
  • Define reusable design patterns for application onboarding.

Preferred Experience

  • CyberArk CDE/CPE/CIM certifications (highly desirable).
  • Experience in highly regulated environments (Banking/Insurance/Energy).
  • Knowledge of DevOps secrets management and modern cloud PAM patterns.
Role tech stack
Initialize IT
PAM (CyberArk) Architect£600,000
Share role
© 2026 HAYSTACK APP LTD
Privacy policy & Cookies
Terms
Feedback
Contact
Careers