Overview

The CyberArk Solution Architect leads the design, planning, and implementation activities required to migrate federal government applications into the CyberArk Privileged Access Management (PAM) platform. This role is responsible for gathering and documenting requirements, analyzing current-state privileged access management processes, identifying privileged and non-privileged accounts requiring migration, and designing secure CyberArk onboarding solutions across multiple enterprise applications.

The architect collaborates with application teams, infrastructure teams, database administrators, cloud engineers, and security stakeholders to define how accounts, credentials, secrets, and access policies will be securely managed within CyberArk. Responsibilities include documenting CyberArk safe design requirements, credential management workflows, account onboarding strategies, application integration requirements, and operational support considerations.

This role requires deep knowledge of CyberArk components including Enterprise Password Vault (EPV), Password Vault Web Access (PVWA), Central Policy Manager (CPM), Privileged Session Manager (PSM), and application credential management capabilities. The architect will also support integration strategies for AWS Secrets Manager and custom application secrets.

The CyberArk Solution Architect will lead technical discovery efforts, facilitate requirements workshops, develop Jira epics and user stories, and provide architectural guidance to implementation teams throughout the project lifecycle. Success in this role requires strong analytical skills, excellent communication abilities, experience supporting federal government environments, and the ability to manage complex technical initiatives across multiple stakeholders.

Key Functions

• Lead requirements gathering sessions with application, infrastructure, security, and business stakeholders for CyberArk onboarding initiatives.
• Document current-state privileged access management processes and account usage across multiple applications and environments.
• Identify and inventory accounts requiring migration into CyberArk, including:
  • Service accounts
  • Database service accounts
  • User database accounts
  • Application accounts
  • Application secrets
  • AWS Secrets Manager-managed secrets
  • Custom application-managed secrets
• Design and document CyberArk onboarding approaches for applications and infrastructure components.
• Define and document CyberArk safe structures, access models, RBAC requirements, and credential storage strategies.
• Research and document application integration requirements needed for applications to securely retrieve and use credentials stored in CyberArk.
• Analyze dependencies, authentication methods, credential rotation impacts, and operational constraints associated with migrating accounts into CyberArk.
• Develop architectural diagrams, workflow documentation, and implementation guidance for CyberArk integrations.
• Create and maintain Jira epics, features, and user stories to support implementation and migration activities.
• Collaborate with application development teams to identify code or configuration changes required to integrate with CyberArk-managed credentials.
• Support the development of credential rotation policies, access control policies, and privileged access governance standards.
• Provide technical leadership and guidance to implementation teams throughout planning, design, testing, and deployment phases.
• Coordinate with cloud engineering teams regarding AWS Secrets Manager integrations and hybrid secret management approaches.
• Participate in technical reviews, risk assessments, and solution validation activities.
• Maintain positive working relationships with federal clients, delivery teams, and stakeholders while supporting mission-critical systems.

Minimum Qualifications

• Bachelor's degree and 6 years of relevant experience.
• An additional 2 years of experience with an Associate's Degree.
• An additional 4 years of experience with a high school diploma.
• Strong experience implementing or supporting CyberArk Privileged Access Management (PAM) solutions.
• Experience with CyberArk Enterprise Password Vault (EPV), Password Vault Web Access (PVWA), Central Policy Manager (CPM), and Privileged Session Manager (PSM).
• Experience designing and documenting CyberArk safe structures, credential policies, and privileged access models.
• Experience onboarding service accounts, application accounts, database accounts, and secrets into CyberArk.
• Experience gathering and documenting technical and functional requirements across enterprise application environments.
• Experience documenting requirements as Jira epics and user stories.
• Strong understanding of credential management, password rotation, privileged access governance, and security best practices.
• Experience integrating applications with CyberArk-managed credentials and secrets.
• Experience supporting cloud-based secret management solutions such as AWS Secrets Manager.
• Excellent verbal and written communication skills.
• Strong analytical, documentation, and problem-solving skills.
• Ability to shift focus between competing priorities in a fast-paced environment.
• Demonstrates leadership in the face of ambiguity and works proactively to drive issues to resolution.

Preferred Qualifications or Skills

• CyberArk Defender, Sentry, or Guardian certification.
• Experience supporting federal government systems or environments.
• Experience supporting Public Trust or other federal security compliance requirements.
• Experience working in AWS cloud environments.
• Familiarity with identity and access management (IAM) and privileged access management (PAM) frameworks.
• Experience working within enterprise cybersecurity modernization initiatives.
• Experience using Jira and Confluence.
• Familiarity with DevSecOps and infrastructure automation practices.