Security Engineer III (CyberArk)

Condé Nast is looking for a Security Engineer to join our global Cyber Security team. This is a high-visibility role designed for a technical lead who can bridge the gap between complex project delivery and long-term security engineering excellence. The successful candidate would have worked predominantly in the Identity and Access Management (IAM) space, specialising as an SME in the area of Privilege Access Management (PAM). As such you will have extensive knowledge of PAM solutions across multi-cloud and hybrid-on-premises environments, additionally you will have experience with identity lifecycle management as a whole and federated authentication protocols such as SAML, OIDC, and OAuth 2.0. As our SME within the PAM space, your journey will begin working on our global Privileged Access Management (PAM) project, where you will be responsible for the end-to-end implementation and delivery of our Privileged Access Management (PAM) solution into the organisation. As such, the successful candidate will have proven experience delivering end-to-end PAM solutions, including multiple CyberArk Privileged Cloud implementations, for medium to large organisations and would have worked in a professional services role or consultancy capacity previously. Following the successful deployment of the PAM platform, you will maintain end-to-end technical ownership as the platform's SME. As part of your role, you will collaborate strategically with the Identity team to harmonise our PAM and IAM architectures, ensuring both privileged and standard identities are hardened against modern threats through optimal configuration and policy alignment. This role reports to the Senior Security Architecture Manager, but will work closely with the Security Architect to ensure our PAM and IAM solutions are deployed effectively throughout the organisation. As the technical owner for key security platforms you will own the lifecycle management of these, ensuring they are delivering optimal security performance, automated lifecycle workflows, and a seamless user experience that aligns with our global security architecture. What will you be doing?

• Act as the primary SME and technical owner for CyberArk Privilege Cloud throughout the project lifecycle; spearheading the design, implementation and onboarding phases, orchestrating the transition to Business-As-Usual (BAU), and providing technical support and platform governance post-delivery.
• Provide other team members with knowledge transfer and upskilling on PAM.
• Integrate SaaS, Cloud and on-premises applications with CyberArk as needed.
• Establish and maintain ongoing processes and procedures needed as part of the overarching PAM program, including the PAM standard.
• Act as the senior escalation point for complex PAM tooling issues, working with internal teams (Infrastructure, Support, Networking, Identity) and vendors to escalate and resolve issues.
• Collaborate with the Identity team to evaluate emerging platform features and roadmap enhancements, ensuring that new capabilities are architected and integrated into the global security stack with a focus on scalability and resilience.
• Create, maintain and update design documentation, technical documentation, service guides and administrative guides for security tooling.
• Provide administrative and overall support of the PAM platform, assisting with upgrades, maintenance, DR testing and management of the platform as a whole.
• Ensure the platform is integrated with on-prem SIEM solutions and work with the SOC team to define identity and privilege use cases and setup alerting as needed.
• Support the security engineering team with the management of detection and response tooling when required.

Do you have a valid Security licence, Security Industry Authority license?, Do you have experience in macOS?, * Senior PAM Engineer/Consultant with 4+ years' experience designing and implementing CyberArk Privilege Cloud in complex enterprise environments

• Certified as a CyberArk Sentry - Privilege Cloud Engineer or CyberArk Certified Delivery Engineer (CDE)
• Strong understanding of privileged identity lifecycle management, including onboarding Active Directory users and local Windows/Linux administrator accounts.
• Experience integrating CyberArk with Okta for identity lifecycle management and deploying core components such as SIA.
• Broad technical knowledge of Active Directory (including GPO), databases, application servers, operating systems (Windows, Linux, macOS), and network infrastructure
• Advanced experience in configuring and troubleshooting privileged applications, privileged identity management, and API integrations.
• Experience integrating PAM solutions across hybrid environments including AWS for key and secrets management, SSH and API key management, and reporting
• Familiarity with integrating load balancing technologies with CyberArk.
• Experience integrating PAM solutions with SIEM solutions,
• Experience of having implemented and worked with identity access management solutions such as Okta, Ping, OneLogin.
• Knowledge of federated authentication protocols such as SAML, OIDC, and OAuth 2.0.
• Strong knowledge of identity access governance tools and processes, security policy, and governance.
• Experience working in geographically dispersed environments
• Strong communication, presentation, and written skills
• Strong data analysis skills with intermediate to advanced proficiency in Google Sheets or Excel
• Experience of using SIEM, XDR/EDR, and Vulnerability Management solutions desirable.
• Scripting experience is essential (Python, Powershell)

Does this sound like you? Please upload your CV and cover letter/portfolio, which highlights why you'd love to take on this role and why you're a great match for what we're looking for. We value the time and effort behind every application. All submissions are reviewed by a member of our talent team - we don't use AI-assisted technology to review applications. What benefits do we offer?

• 25 days holiday (plus bank holidays) and extra days of annual leave if you move house or want to volunteer.
• You'll have access to a competitive pension scheme, Bupa Private Healthcare, Season ticket loans and eye tests.
• We offer a range of tools to support your wellbeing, including core hours, 10 remote days (from home or a country with a Condé Nast office location), access to our Employee Assistance Programme, corporate gym membership and cycle to work scheme.
• We're a dog friendly office, plus you'll enjoy discounts and magazine subscriptions, keeping you up to date with all things Condé Nast.
• We encourage personal and professional growth through the Condé Nast Learning Hub where you'll find an extensive portfolio of learning courses and training, available in local languages.
• Our Employee Resource Groups provide a platform for employees to identify shared objectives, exchange ideas, and work on community priorities for our global workforce.

What happens next? If you are interested in this opportunity, please apply below, and we will review your application as soon as possible. You can update your resume or upload a cover letter at any time by accessing your candidate profile. Condé Nast is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, familial status and other legally protected characteristics.

Condé Nast Germany - ein Medienunternehmen, das mit starken Marken wie Vogue, Glamour, GQ und AD als Heritage für Luxus und Lifestyle steht. Mit unseren global führenden Medienmarken setzen wir auf Qualitätsjournalismus und hochwertigen Content. Für unsere Kunden, Partner, Leser und Follower kreieren wir täglich neue einzigartige Markenerlebnisse über alle Touchpoints hinweg.

Weil große Marken von Menschen geschaffen und geprägt werden, stehen unsere 300 MitarbeiterInnen in Deutschland immer im Mittelpunkt - Menschen mit Leidenschaft, Mut und Unternehmergeist!