CyberArk Architect

Job Title: CyberArk Architect
Location: London - 2 days per week
Salary/Rate: Up to £600 per day inside IR35
Start Date: 20/04/2026
Job Type: Contract - 6 months

Company Introduction
We have an exciting opportunity now available with one of our sector-leading consultancy clients! They are currently looking for a skilled CyberArk Architect to join their team for a six-month contract.

Working on an Identity & Access Management (IAM) as part of an IT Controls Remediation programme delivering Privileged Access Management (PAM) with CyberArk and Identity Governance & Administration (IGA) with Saviynt. Further Integration with Workday (HR) as the authoritative source of identity and ServiceNow for access request workflows and operational processes.
The CyberArk PAM Architect will define and deliver the end-to-end architecture for a major Privileged Access Management implementation. This includes design of the CyberArk CorePAS platform, onboarding strategy for privileged accounts, vaulting, session control, credential rotation, JIT access, and integration with enterprise systems including AD, Entra ID, ServiceNow, and infrastructure/security tooling.
The role will be responsible for ensuring strong security foundations, scalable platform design, privileged account discovery, and embedding operational processes aligned to enterprise security controls.

Job Responsibilities/Objectives

• Own the overall CyberArk architectural blueprint, covering:
• Vault environment, PSM (Privileged Session Manager), CPM (Credential Provider Manager), Conjur or Alero (if applicable), EPM (Endpoint Privilege Management), JIT access and least privilege models
• Produce architectural artefacts: HLD, LLD, data flow diagrams, platform topology.
• Define privileged account onboarding strategy and classification model.
• Develop vaulting and credential rotation standards.
• Create session monitoring and audit strategies.
• Architect PAM operational model (day-to-day vault admin, break-glass, emergency access).
• Integrate CyberArk with:AD/Entra ID for authentication and group-based access, Windows/Linux/UNIX Servers, Databases, network devices, cloud platforms, ServiceNow for privileged access request workflows, SIEM/SOAR for alerting and monitoring
• Define API integrations for application credential management.
• Ensure PAM design aligns to:Zero Trust, NIST 800-53/800-63, CIS Controls, Internal SOX/ISO27001 requirements
• Implement controls for least privilege, JIT elevation, and removal of standing privileges.
• Act as the technical authority for PAM engineering teams.
• Validate configurations, policies, platform hardening, and onboarding plans.
• Define reusable design patterns for application onboarding.

Required Skills/Experience
The ideal candidate will have the following:

• IAM/PAM roles with strong experience as a CyberArk Architect.
• Hands-on experience designing and implementing: CyberArk Vault, PSM/PSMP, CPM and PVWA
• Strong understanding of privileged account classification, credential rotation, session monitoring, and JIT models.
• Experience onboarding:Windows/Linux Servers, Databases, Network devices, Cloud services (AWS/Azure)
• Experience integrating CyberArk with ServiceNow, SIEM, SSO, and enterprise directories.

Desirable Skills/Experience
Although not essential, the following skills are desired by the client:

• CyberArk CDE/CPE/CIM certifications (highly desirable).
• Experience in highly regulated environments (Banking/Insurance/Energy).
• Knowledge of DevOps secrets management and modern cloud PAM patterns.

If you are interested in this opportunity, please apply now with your updated CV in Microsoft Word/PDF format.

Disclaimer
Notwithstanding any guidelines given to level of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies.
Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally. Please see our website for our full diversity statement.