CyberArk PAM Self-Hosted Architect

CyberArk PAM Self-Hosted Architect

+6 months +

+Fully remote working

+SC cleared role - must be elligible for clearance

Are you an experienced CyberArk Architect who can define and deliver enterprise-grade PAM and secrets-management platforms in secure, complex environments? We are seeking a highly skilled CyberArk PAM Self-Hosted Architect to take ownership of architectural strategy, design and integration across a major organisation.

This role is ideal for a senior expert who thrives on shaping security platforms, influencing stakeholders, and guiding delivery teams through best-practice implementation.

Responsibilities:

• Own the end-to-end architecture and high-level design for CyberArk PAM Self-Hosted and CyberArk Conjur, defining these as strategic platforms for privileged access and secrets management.

• Establish and maintain reference architectures, patterns, and standards for onboarding infrastructure, applications, DevOps platforms and third parties into CyberArk.

• Architect CyberArk PAM Self-Hosted components-Vault, PVWA, PSM, CPM, PSMP, PTA, DR-ensuring resilience, scalability, operational segregation and regulatory compliance.

• Design CyberArk Conjur / Secrets Manager Enterprise & Credential Provider for secure management of application, machine and DevOps secrets, integrating with:

  • CI/CD pipelines

  • Containers and Kubernetes/OpenShift

  • Multi-cloud platforms

• Collaborate with security, DevOps and infrastructure teams to integrate CyberArk with AD/LDAP, SAML/OIDC identity providers, SIEM (e.g. Splunk), ITSM, and MFA solutions.

• Lead installation, configuration, testing and handover of CyberArk secrets-management solutions into Run & Maintain teams.

• Provide architectural leadership on privileged access risk reduction through threat modelling, control selection and adherence to security policies.

• Act as a trusted advisor to senior stakeholders (CISO, security architects, platform owners, programme leadership), translating complex PAM/secret-management designs into clear business outcomes.

Required skills:

• Typically 7+ years' experience in cybersecurity architecture, with strong PAM expertise in complex and regulated environments.

• Proven hands-on architectural experience with CyberArk PAM Self-Hosted, including most of: Vault, PVWA, PSM, CPM, PSMP, PTA, DR.

• Strong experience designing and integrating CyberArk Conjur / Credential Provider for application and DevOps secrets.

• Demonstrable experience integrating CyberArk with:

  • AD/LDAP

  • SAML/OIDC identity providers

  • SIEM tools

  • ITSM/ticketing systems

  • At least one MFA platform

• Solid understanding of DevOps and cloud-native ecosystems, including Kubernetes, OpenShift, containers, Jenkins, CI/CD and IaC, and embedding CyberArk Conjur into these pipelines.

• Strong awareness of security and audit standards (NCSC, ISO 27001, NIST, FCA/financial, government).

• Excellent communication and stakeholder management skills, able to articulate PAM and secrets architecture to both technical and non-technical audiences.

• Experience working in or with secure, classified or national security environments.

• Strong documentation skills (HLDs, LLDs, design patterns, architecture decisions).

• Proven track record leading and delivering multiple CyberArk PAM and secrets-management projects.

If you'd like to discuss this CyberArk PAM Self-Hosted Architect in more detail, please send your updated CV to chloe.manerowkski@cbsbutler.com and I will get in touch.