Pam Engineer Cyberark/Iam

For our international customer in Valencia, we are looking for a hybrid PAM (Privileged Access Management) Engineer CyberArk/IAM.Todos los candidatos deben asegurarse de leer atentamente la siguiente descripción del puesto y la información antes de enviar su solicitud.EU candidates are welcome to apply.Candidates need to be based in Valencia or willing to relocate to Valencia.Candidates need to be flexible to work 3 hours in US Eastern Time where requiredWork permit is not provided.Candidates need to be fluent in English.Tasks and responsibilities:Install, configure, and maintain CyberArk components including Vault, PVWA, CPM, PSM, PTA, and Conjur; Perform onboarding of privileged accounts across platforms such as Windows, Linux, databases (Oracle, SQL), cloud, and application environments, ensuring proper classification and secure vaulting; Manage end-to-end privileged account lifecycle including inventory collection, validation, ownership mapping, approval coordination, and onboarding; Implement and manage Just-in-Time (JIT) privileged access and session management controls; Enforce password and credential management policies including automated password rotation, password complexity enforcement, and secure credential storage; Manage secrets for applications using Conjur or equivalent secrets management solutions; Identify and manage accounts requiring special handling (e.G., service accounts, shared accounts, non-rotating accounts), ensuring appropriate controls and risk mitigation; Monitor password compliance and remediate accounts not adhering to defined rotation or policy standards; Provide Level 2/3 support for PAM-related incidents and service requests; Troubleshoot issues related to CyberArk and integrations with Active Directory, Entra ID (Azure AD), IAM tools, SIEM platforms, and ServiceNow; Perform regularhealth checks, system monitoring, patching, and upgrades of CyberArk infrastructure; Automate PAM processes using scripting and APIs (PowerShell, Python, REST APIs, psPAS) to reduce manual effort; Support bulk onboarding and large-scale privileged account management through automation and standardized methods; Design and support integrations between PAM and enterprise IAM systems (e.G., SailPoint, Saviynt, Entra ID) for identity lifecycle and access governance alignment; Maintain documentation including SOPs, onboarding procedures, runbooks, and automation scripts; Collaborate with application, infrastructure, and cloud teams to enforce least privilege access and secure credential usage; Participate in audit and compliance activities by providing evidence, reporting, and demonstrating control effectiveness; Support governance activities including account recertification, ownership validation, and compliance monitoring; Profile:Bachelor or Master degree; +4 years of experience in IT security, IAM, or PAM engineering; Strong hands-onexperience with CyberArk PAM suite (Vault, CPM, PSM, PVWA); Experience withCyberArk Conjur or other enterprise secrets management solutions; Strong understanding of Just-in-Time (JIT) access xqysrnh and privileged session management; Experience integrating PAM with IAM platforms (e.G., SailPoint, Saviynt, Entra ID / Azure AD); Experience managing privileged access in cloud environments (Azure, AWS); Strong understanding of Windows, Linux, Active Directory, and database systems (Oracle, SQL); Strong scripting and automation experience (PowerShell, Python, REST APIs); Experience withITSM tools such as ServiceNow and incident/change management processes; Knowledge of security controls, audit frameworks, and compliance standards; Strong analytical and problem-solving skills; Preferred qualifications:CyberArk Defender / Sentry certification; Experience implementing Conjur in DevOps / CI-CD environments; Experience withPrivileged Threat Analytics (PTA) or advanced monitoring tools; Exposure to container platforms (Kubernetes, OpenShift) and secrets management; Familiarity with Zero Trust security architecture

Candidates need to be flexible to work 3 hours in US Eastern Time where requiredWork permit is not provided. Candidates need to be fluent in English.Tasks and responsibilities:Install, configure, and maintain CyberArk components including Vault, PVWA, CPM, PSM, PTA, and Conjur; Perform onboarding of privileged accounts across platforms such as Windows, Linux, databases (Oracle, SQL), cloud, and application environments, ensuring proper classification and secure vaulting; Manage end-to-end privileged account lifecycle including inventory collection, validation, ownership mapping, approval coordination, and onboarding; Implement and manage Just-in-Time (JIT) privileged access and session management controls; Enforce password and credential management policies including automated password rotation, password complexity enforcement, and secure credential storage; Manage secrets for applications using Conjur or equivalent secrets management solutions; Identify and manage accounts requiring special handling (e.G., service accounts, shared accounts, non-rotating accounts), ensuring appropriate controls and risk mitigation; Monitor password compliance and remediate accounts not adhering to defined rotation or policy standards; Provide Level 2/3 support for PAM-related incidents and service requests; Troubleshoot issues related to CyberArk and integrations with Active Directory, Entra ID (Azure AD), IAM tools, SIEM platforms, and ServiceNow; Perform regularhealth checks, system monitoring, patching, and upgrades of CyberArk infrastructure; Automate PAM processes using scripting and APIs (PowerShell, Python, REST APIs, psPAS) to reduce manual effort; Support bulk onboarding and large-scale privileged account management through automation and standardized methods; Design and support integrations between PAM and enterprise IAM systems (e.G., SailPoint, Saviynt, Entra ID) for identity lifecycle and access governance alignment; Maintain documentation including SOPs, onboarding procedures, runbooks, and automation scripts; Collaborate with application, infrastructure, and cloud teams to enforce least privilege access and secure credential usage; Participate in audit and compliance activities by providing evidence, reporting, and demonstrating control effectiveness; Support governance activities including account recertification, ownership validation, and compliance monitoring; Profile:Bachelor or Master degree; +4 years of experience in IT security, IAM, or PAM engineering; Strong hands-onexperience with CyberArk PAM suite (Vault, CPM, PSM, PVWA); Experience withCyberArk Conjur or other enterprise secrets management solutions; Strong understanding of Just-in-Time (JIT) access xqysrnh and privileged session management; Experience integrating PAM with IAM platforms (e.G., SailPoint, Saviynt, Entra ID / Azure AD); Experience managing privileged access in cloud environments (Azure, AWS); Strong understanding of Windows, Linux, Active Directory, and database systems (Oracle, SQL); Strong scripting and automation experience (PowerShell, Python, REST APIs); Experience withITSM tools such as ServiceNow and incident/change management processes; Knowledge of security controls, audit frameworks, and compliance standards; Strong analytical and problem-solving skills; Preferred qualifications:CyberArk Defender / Sentry certification; Experience implementing Conjur in DevOps / CI-CD environments; Experience withPrivileged Threat Analytics (PTA) or advanced monitoring tools; Exposure to container platforms (Kubernetes, OpenShift) and secrets management; Familiarity with Zero Trust security architecture