Bridgesoft
Website: bridgesoft.com
Job details:
Company Description
Bridgesoft is a leading provider of technology and information security management solutions, specializing in efficient identity governance to help enterprises manage IT risks effectively. With a customer-centric approach, we focus on innovation and maximizing the return on investment for our clients. Our team is driven by a commitment to client satisfaction, leveraging years of expertise to address complex business and IT challenges. Trusted by organizations globally, Bridgesoft offers strategic and technological support to help companies achieve their business objectives.
Job Description
We are seeking a Senior CyberArk Engineer with deep expertise in Privileged Access Management (PAM) as part of our Identity & Access Management (IAM) program. You will design, implement, secure, and operate CyberArk solutions at scale, integrating across hybrid infrastructure (on-prem and cloud). This role will own the end-to-end privileged identity lifecycle, delivering strong controls for least privilege, credential rotation, session isolation, and audit.
Responsibilities:
Architecture & Design
- Design and implement CyberArk PAM architecture including Vault/EPV, PVWA, PSM, CPM, PSMP, and PTA/EPM across multi-domain AD and hybrid environments.
- Define and enforce vault hardening, platform policies, safe structure, onboarding workflows, retention, and break-glass procedures.
- Engineer integrations with AD/LDAP, MFA/IdP (Azure AD, Okta), SIEM/SOAR, ITSM (ServiceNow), and cloud providers (AWS/Azure/GCP).
- Establish DR/HA architecture, backup/restore, and runbooks.
Implementation & Automation
- Lead privileged account discovery and onboarding at scale (Windows, Linux/Unix, databases, network/security devices, cloud control planes, applications).
- Build and customize CPM plugins, PSM connectors, and platforms; manage rotation, reconciliation, and verification policies.
- Automate via CyberArk REST APIs, PACLI, and scripts (PowerShell, Python, Bash); integrate with CI/CD (Jenkins, Azure DevOps), Ansible, and Terraform for policy-as-code where applicable.
- Implement Endpoint Privilege Management (EPM) for least privilege on workstations/servers (application control, elevation policies, JIT access).
Operations & Security
- Operate the PAM service: onboarding, policy tuning, session management, troubleshooting, patching, upgrades/migrations, certificate management, and health checks.
- Monitor PTA/threat analytics and respond to anomalies (e.g., suspicious session behavior, policy violations).
- Create dashboards and reports for compliance (SOX, PCI DSS, ISO 27001), audit reviews, and management reporting.
- Coordinate with Security, Platform, Network, Cloud, and App teams to remediate findings and improve control coverage.
Governance & Compliance
- Define RBAC, segregation of duties, approval workflows, and access review processes for privileged identities.
- Maintain standards, baselines, SOPs, and technical documentation; contribute to policy and control mapping.
- Support internal/external audits, evidence collection, and control testing.
Incident Response & Support
- Provide Tier-3 support, problem management, and root cause analysis; participate in on-call rotation.
- Lead privilege-related incident response (credential exposure, misuse, suspicious sessions, break-glass events).
Qualifications:
- 7–10 years total experience in Identity & Access Management, with 5+ years hands-on experience implementing and operating CyberArk in enterprise environments.
- Strong hands-on experience with core CyberArk components: EPV/Vault, PVWA, PSM, CPM, PSMP, PTA, EPM.
- Proven experience with platforms & plugins (Windows/Unix, databases, network devices), onboarding flows, and session management (recording, keystroke indexing, live monitoring).
- Expertise in AD/LDAP, Kerberos, MFA/SSO/IdP, RBAC, privilege elevation, least privilege.
- Proficiency in scripting/automation: PowerShell and Python (APIs, task automation, reporting).
- Experience integrating with cloud (AWS/Azure/GCP) and DevOps toolchains for secrets management (e.g., Conjur/Secrets Manager, AAM).
- Good understanding of networking, TLS/certificates, Windows/Linux administration, and security hardening.
- Familiarity with compliance frameworks: SOX, PCI DSS, ISO 27001, and audit-ready evidence/reporting.
- Excellent documentation, communication, and cross-functional collaboration skills.
Education & Certifications:
- Bachelor’s or Master’s in Computer Science, Information Security, or related field.
- CyberArk Certifications: Defender (PAM/EPM), Sentry, Guardian (highly preferred).
- Security certifications: CISSP, CISM, CCSP, or equivalent.
Preferred Experience:
- Designing DR/HA for CyberArk; performing upgrades/migrations across major versions.
- EPM policy design for Windows/macOS/Linux endpoints (application allow/deny, elevation workflows).
- Secrets management in CI/CD and microservices (e.g., Conjur/OpenShift/Kubernetes).
- Integration with SIEM/SOAR (Splunk, Sentinel, QRadar) and ITSM (ServiceNow) for approvals and auto-onboarding.
- Key management and SSH cert-based workflows; passwordless patterns (JIT, JEA/JITP).
- Exposure to PAM for OT/ICS environments (if relevant to the industry).