CyberArk Endpoint Privilege Manager (EPM) Architect
Mergen IT LLC
San Jose, United States of America
yesterday
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
IntermediateJob location
San Jose, United States of America
Tech stack
Microsoft Windows
Microsoft Active Directory
Apple Mac Systems
Automation of Tests
System Center Configuration Manager
Powershell
Zero Trust Network Access
Security Information and Event Management
Cyberark
Microsoft InTune
Deployment Automation
Sentry
Windows Security
REST
SentinelOne Expertise
Job description
- Architect, deploy, and configure CyberArk EPM across enterprise Windows and macOS environments.
- Lead end to end migration of CyberArk EPM policies, configurations, application groups, and rule sets from one environment/tenant to another.
- Design and implement application control, privilege elevation, and least privilege strategies.
- Develop, optimize, and troubleshoot EPM policies, trusted applications, and elevation rules.
- Integrate CyberArk EPM with enterprise identity, security, and endpoint management platforms (Microsoft Intune, MECM/SCCM, SentinelOne, SIEM, etc.).
- Automate deployment, policy management, and migration activities using PowerShell and REST APIs.
- Perform architecture reviews, health assessments, and recommend best practices for performance, scalability, and security.
- Collaborate with security, infrastructure, desktop engineering, and application teams throughout implementation and migration projects.
- Create technical documentation, migration runbooks, and operational procedures.
Requirements
- 8+ years of endpoint security experience with 4+ years of hands on CyberArk EPM architecture and implementation.
- Proven experience deploying CyberArk EPM in large enterprise environments.
- Strong experience migrating CyberArk EPM from one tenant/environment to another, including policy and configuration migration.
- Deep understanding of application control, privilege management, allow/block rules, elevation policies, and sub process elevation.
- Strong PowerShell scripting and API automation experience.
- Experience with Microsoft Intune, MECM/SCCM, Active Directory, Entra ID, Windows security, and endpoint management.
- Strong troubleshooting, communication, documentation, and stakeholder management skills.
- CyberArk certifications (EPM, Defender, Sentry, or Guardian).
- Experience with enterprise transformation, Zero Trust, and Privileged Access Management (PAM) initiatives.
Experience integrating EPM with SIEM, EDR/XDR, and ITSM platforms.