Santander US Privileged Access Management (PAM) Senior CyberArk Engineer

Overview

The Senior CyberArk Engineer is responsible for architecting, deploying, and maintaining privileged access security solutions using the CyberArk suite. This role ensures the protection of critical systems, credentials, and privileged accounts while aligning with security best practices and regulatory requirements. The ideal candidate possesses deep hands-on expertise with CyberArk Privileged Access Security (PAS), strong security engineering skills, and experience operating in large, complex environments.

Key Responsibilities

CyberArk Engineering & Administration

• Design, deploy, configure, and maintain the full on-premises CyberArk Privileged Access Security (PAS) suite, including:
  • Enterprise Password Vault (EPV)
  • Privileged Session Manager (PSM)
  • Privileged Session Manager for SSH (PSM-SSH)
  • Central Policy Manager (CPM)
  • Privileged Threat Analytics (PTA)
• Implement and maintain CyberArk safes, platforms, policies, and connectors.
• Integrate CyberArk with enterprise systems, including LDAP/AD, and SIEM ticketing systems, and cloud platforms (AWS, Azure, GCP).
• Build and maintain custom connectors and plugins for applications and infrastructure.

Security Architecture & Governance

• Develop and enforce privileged access policies and best practices.
• Conduct threat modeling and ensure PAM alignment with regulatory frameworks (SOX, GLBA, NYDFS, etc.).
• Review privileged access workflows and recommend improvements to strengthen security posture.

Automation & Continuous Improvement

• Automate onboarding of privileged accounts, systems, and applications using REST APIs, PowerShell, Python, or similar tools.
• Tune CPM/PSM performance, optimize vault operations, and improve automated credential rotation processes.
• Implement continuous monitoring, alerting, and reporting mechanisms.

Operations & Support

• Serve as a subject matter expert (SME) for CyberArk-related issues across infrastructure, development, and security teams.
• Troubleshoot complex vaulting, credential, and session management issues.
• Perform CyberArk upgrades, patching, health checks, and system hardening.
• Participate in on-call rotations and provide escalation-level support.

Collaboration & Training

• Work closely with IAM, security operations, risk, and compliance stakeholders.
• Provide guidance and mentorship to junior engineers.
• Develop documentation, runbooks, and best practice guides.

Required Qualifications

• 58+ years of experience in Information Security or Identity and Access Management.
• 35+ years of hands-on CyberArk engineering experience.
• Strong understanding of privileged access management principles.
• Proficiency with:
  • PowerShell, Python, or equivalent scripting languages
  • Windows and Linux administration
  • Active Directory, LDAP, MFA integrations
  • Networking basics (firewalls, proxies, DNS)
• Experience supporting large-scale, high-availability PAM environments.

Preferred Qualifications

• CyberArk Defender, Sentry, or Guardian certifications.
• Experience with:
  • Threat and vulnerability management related to privileged access
• Background in regulated industries (finance, healthcare, government).

Core Competencies

• Strong analytical, problem-solving, and debugging skills.
• Excellent communication and documentation abilities.
• Ability to lead complex projects with minimal supervision.
• High attention to detail and commitment to security best practices.