CyberArk Architect
Posted Today by Square One Resources
£600 Per day
Inside
Undetermined
London, UK
Summary: The CyberArk Architect role involves leading the architectural design and implementation of a Privileged Access Management (PAM) solution using CyberArk within an Identity & Access Management (IAM) framework. The position requires expertise in CyberArk technologies and integration with various enterprise systems. The role is contract-based for six months, requiring a strong focus on security and operational processes. The successful candidate will work closely with engineering teams to ensure robust PAM solutions are delivered effectively.
Key Responsibilities:
- Own the overall CyberArk architectural blueprint, covering vault environment, PSM, CPM, and other components.
- Produce architectural artefacts: HLD, LLD, data flow diagrams, platform topology.
- Define privileged account onboarding strategy and classification model.
- Develop vaulting and credential rotation standards.
- Create session monitoring and audit strategies.
- Architect PAM operational model including day-to-day vault admin and emergency access.
- Integrate CyberArk with AD/Entra ID, servers, databases, cloud platforms, and ServiceNow.
- Define API integrations for application credential management.
- Ensure PAM design aligns with Zero Trust and compliance requirements.
- Act as the technical authority for PAM engineering teams.
- Validate configurations, policies, and onboarding plans.
- Define reusable design patterns for application onboarding.
Key Skills:
- Strong experience as a CyberArk Architect in IAM/PAM roles.
- Hands-on experience with CyberArk Vault, PSM/PSMP, CPM, and PVWA.
- Understanding of privileged account classification, credential rotation, and session monitoring.
- Experience onboarding Windows/Linux Servers, Databases, and Cloud services.
- Experience integrating CyberArk with ServiceNow, SIEM, SSO, and enterprise directories.
Salary (Rate): £600 daily
City: London
Country: UK
Working Arrangements: undetermined
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Job Title:CyberArk Architect
Location: London - 2 days per week
Salary/Rate: Up to £600 per day inside IR35
Start Date: 07/04/2026
Job Type: Contract - 6 months
Company Introduction
We have an exciting opportunity now available with one of our sector-leading consultancy clients! They are currently looking for a skilled CyberArk Architect to join their team for a six-month contract.
Working on an Identity & Access Management (IAM) as part of an IT Controls Remediation programme delivering Privileged Access Management (PAM) with CyberArk and Identity Governance & Administration (IGA) with Saviynt. Further Integration with Workday (HR) as the authoritative source of identity and ServiceNow for access request workflows and operational processes.
The CyberArk PAM Architect will define and deliver the end-to-end architecture for a major Privileged Access Management implementation. This includes design of the CyberArk CorePAS platform, onboarding strategy for privileged accounts, vaulting, session control, credential rotation, JIT access, and integration with enterprise systems including AD, Entra ID, ServiceNow, and infrastructure/security tooling.
The role will be responsible for ensuring strong security foundations, scalable platform design, privileged account discovery, and embedding operational processes aligned to enterprise security controls.
Job Responsibilities/Objectives
Own the overall CyberArk architectural blueprint, covering:
Vault environment, PSM (Privileged Session Manager), CPM (Credential Provider Manager), Conjur or Alero (if applicable), EPM (Endpoint Privilege Management), JIT access and least privilege models
Produce architectural artefacts: HLD, LLD, data flow diagrams, platform topology.
Define privileged account onboarding strategy and classification model.
Develop vaulting and credential rotation standards.
Create session monitoring and audit strategies.
Architect PAM operational model (day-to-day vault admin, break-glass, emergency access).
Integrate CyberArk with:AD/Entra ID for authentication and group-based access, Windows/Linux/UNIX Servers, Databases, network devices, cloud platforms, ServiceNow for privileged access request workflows, SIEM/SOAR for alerting and monitoring
Define API integrations for application credential management.
Ensure PAM design aligns to:Zero Trust, NIST 800-53/800-63, CIS Controls, Internal SOX/ISO27001 requirements
Implement controls for least privilege, JIT elevation, and removal of standing privileges.
Act as the technical authority for PAM engineering teams.
Validate configurations, policies, platform hardening, and onboarding plans.
Define reusable design patterns for application onboarding.
Required Skills/Experience
The ideal candidate will have the following:
- IAM/PAM roles with strong experience as a CyberArk Architect.
- Hands-on experience designing and implementing: CyberArk Vault, PSM/PSMP, CPM and PVWA
- Strong understanding of privileged account classification, credential rotation, session monitoring, and JIT models.
- Experience onboarding:Windows/Linux Servers, Databases, Network devices, Cloud services (AWS/Azure)
- Experience integrating CyberArk with ServiceNow, SIEM, SSO, and enterprise directories.
Desirable Skills/Experience
Although not essential, the following skills are desired by the client:
- CyberArk CDE/CPE/CIM certifications (highly desirable).
- Experience in highly regulated environments (Banking/Insurance/Energy).
- Knowledge of DevOps secrets management and modern cloud PAM patterns.
If you are interested in this opportunity, please apply now with your updated CV in Microsoft Word/PDF format.
Disclaimer
Notwithstanding any guidelines given to level of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies.
Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally. Please see our website for our full diversity statement.