Sr. PAM Engineer

Senior PAM Engineer (CyberArk Privilege Cloud ? SaaS) Location: Remote / India Company: GSPANN Experience Level: 5?10 Years | Function: IAM / PAM Operations & Architecture About the Role We are looking for an experienced PAM Engineer (CyberArk) to join our global Identity and Access Management team supporting the Carlsberg?Britvic Privilege Cloud environment. You?ll play a key role in managing and expanding a multi-region CyberArk Privilege Cloud (SaaS) deployment hosted on AWS , securing more than 3,200 privileged accounts across Europe and Asia. This is a high-impact role where operational excellence meets architectural finesse ? perfect for someone who thrives on building secure, scalable, and compliant PAM ecosystems. Key Responsibilities Operate and enhance CyberArk Privilege Cloud (Vault, PVWA, PSM, CPM) across Western Europe, Asia, and China regions. Oversee Tier-0 and Tier-1 privileged account onboarding (Windows, Unix, SAP, Network, DB). Administer Secure Tunneling and SIA (Zero Standing Privilege) integrations for cloud and hybrid assets. Conduct daily and weekly health checks, license reviews, and governance reporting (Safe-level, inventory, and audit decks). Implement and maintain password rotation, dual-control, and check-in/out policies following enterprise compliance standards. Collaborate with IAM, SOC/SIEM (Splunk), and Network teams to ensure monitoring, auditability, and compliance readiness. Manage regional CAB change requests for upgrades, patching, and new integrations (PSM/CPM v14.x). Maintain runbooks, SOPs, and automation scripts (PowerShell / REST API) for repeatable operations. Perform DNA scans, risk remediation, and license optimization in alignment with audit findings. Required Skills & Experience 5+ years of experience in Privileged Access Management , including CyberArk Privilege Cloud or Self-Hosted . Proven expertise with PSM, CPM, PVWA, and Secure Tunnel configurations. Deep understanding of Active Directory integration , MFA (Microsoft Authenticator), and LDAP-based access controls . Experience handling cross-region governance (Europe, Asia, China) and CAB-driven change management . Strong troubleshooting ability: rotation failures, reconciliation issues, DNS/FQDN diagnostics, and connector logs. Familiarity with SIEM integration (Splunk, CEF/LEEF), log correlation, and compliance reporting. Hands-on with PowerShell automation and REST API scripting for account onboarding and health checks. Understanding of Zero Standing Privilege (SIA) and Privileged Session Management strategies in SaaS environments. Preferred Qualifications CyberArk Certified Delivery Engineer (CDE) or Trustee certification . Working knowledge of AWS IAM, Azure AD , and cloud-native access control models. Experience designing PAM playbooks, automation frameworks, or audit dashboards. Exposure to regulated industries (Beverage, Manufacturing, FMCG, or Global Operations). Why Join Us Be part of a global IAM transformation initiative that defines modern PAM excellence. Work alongside top cybersecurity experts across Europe and India. Own complex Cloud-based PAM architecture leveraging secure tunnels, SIA, and multi-region redundancy. Gain hands-on exposure to next-gen PAM governance, automation, and compliance frameworks . Apply now if you are passionate about fortifying enterprise security and want to be part of a mission that safeguards digital trust at scale. ?? Send your CV / profile to [email protected]