CyberArk (EPM) Architect

HR Pundits
San Jose, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

San Jose, United States of America

Tech stack

Microsoft Windows
Microsoft Active Directory
Apple Mac Systems
Automation of Tests
System Center Configuration Manager
Powershell
Zero Trust Network Access
Security Information and Event Management
Cyberark
Software Troubleshooting
Microsoft InTune
Deployment Automation
Sentry
Windows Security
REST
SentinelOne Expertise

Job description

Architect, deploy, and configure CyberArk EPM across enterprise Windows and macOS environments.

Lead end to end migration of CyberArk EPM policies, configurations, application groups, and rule sets from one environment/tenant to another.

Design and implement application control, privilege elevation, and least privilege strategies.

Develop, optimize, and troubleshoot EPM policies, trusted applications, and elevation rules.

Integrate CyberArk EPM with enterprise identity, security, and endpoint management platforms (Microsoft Intune, MECM/SCCM, SentinelOne, SIEM, etc.).

Automate deployment, policy management, and migration activities using PowerShell and REST APIs.

Perform architecture reviews, health assessments, and recommend best practices for performance, scalability, and security.

Collaborate with security, infrastructure, desktop engineering, and application teams throughout implementation and migration projects.

Create technical documentation, migration runbooks, and operational procedures.

Requirements

8+ years of endpoint security experience with 4+ years of hands-on CyberArk EPM architecture and implementation.

Proven experience deploying CyberArk EPM in large enterprise environments.

Strong experience migrating CyberArk EPM from one tenant/environment to another, including policy and configuration migration.

Deep understanding of application control, privilege management, allow/block rules, elevation policies, and sub process elevation.

Strong PowerShell scripting and API automation experience.

Experience with Microsoft Intune, MECM/SCCM, Active Directory, Entra ID, Windows security, and endpoint management.

Strong troubleshooting, communication, documentation, and stakeholder management skills.

CyberArk certifications (EPM, Defender, Sentry, or Guardian).

Experience with enterprise transformation, Zero Trust, and Privileged Access Management (PAM) initiatives.

Apply for this position