Senior CyberArk Engineer
Santander
full-time
Posted on:
Location Type: Hybrid
Location: Dallas • Florida, Massachusetts, Texas • 🇺🇸 United States
Visit company websiteSalary
💰 $101,250 - $180,000 per year
Job Level
Senior
Tech Stack
AWSAzureCloudDNSFirewallsGoogle Cloud PlatformLinuxPythonVault
About the role
- Responsible for architecting, deploying, and maintaining privileged access security solutions using the CyberArk suite.
- Ensure the protection of critical systems, credentials, and privileged accounts while aligning with security best practices and regulatory requirements.
- Design, deploy, configure, and maintain the full on-premises CyberArk Privileged Access Security (PAS) suite.
- Implement and maintain CyberArk safes, platforms, policies, and connectors.
- Integrate CyberArk with enterprise systems, including LDAP/AD, and SIEM ticketing systems, and cloud platforms (AWS, Azure, GCP).
- Build and maintain custom connectors and plugins for applications and infrastructure.
- Develop and enforce privileged access policies and best practices.
- Conduct threat modeling and ensure PAM alignment with regulatory frameworks (SOX, GLBA, NYDFS , etc.).
- Review privileged access workflows and recommend improvements to strengthen security posture.
- Automate onboarding of privileged accounts, systems, and applications using REST APIs, PowerShell, Python, or similar tools.
- Tune CPM/PSM performance, optimize vault operations, and improve automated credential rotation processes.
- Implement continuous monitoring, alerting, and reporting mechanisms.
- Serve as a subject matter expert (SME) for CyberArk-related issues across infrastructure, development, and security teams.
- Troubleshoot complex vaulting, credential, and session management issues.
- Perform CyberArk upgrades, patching, health checks, and system hardening.
- Participate in on-call rotations and provide escalation-level support.
- Work closely with IAM, security operations, risk, and compliance stakeholders.
- Provide guidance and mentorship to junior engineers.
- Develop documentation, runbooks, and best practice guides.
Requirements
- Bachelor's Degree or equivalent work experience: Computer Science/Software Engineering or equivalent field. - Required.
- 5+ years of experience in Information Security or Identity and Access Management.- Required
- 5+ years of hands-on on-premises CyberArk engineering experience.-Required
- Strong understanding of privileged access management principles.-Required
- Proficiency with: PowerShell, Python, or equivalent scripting languages.
- Windows and Linux administration.
- Active Directory, LDAP, MFA integrations.
- Networking basics (firewalls, proxies, DNS).
- Experience supporting large-scale, high-availability PAM environments.
- Threat and vulnerability management related to privileged access.
- Background in regulated industries (finance, healthcare, government).
- Strong analytical, problem-solving, and debugging skills.
- Excellent communication and documentation abilities.
- Ability to lead complex projects with minimal supervision.
- High attention to detail and commitment to security best practices.
- Certifications: CyberArk Defender, Sentry, or Guardian certifications.-Preferred
- Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.
- Experience in Microsoft Office products.
Benefits
- Link to Santander Benefits: Santander Benefits - 2025 Santander OnGoing/NH eGuide (foleon.com)
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
CyberArkPowerShellPythonWindows administrationLinux administrationActive DirectoryLDAPMFA integrationsREST APIsnetworking basics
Soft skills
analytical skillsproblem-solving skillsdebugging skillscommunication abilitiesdocumentation abilitiesleadershipattention to detailmentorship
Certifications
CyberArk DefenderCyberArk SentryCyberArk Guardian