Job Description

Project Role :

Security Architect

Project Role Description :

Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.

Must have skills :

CyberArk Privileged Access Management

Good to have skills :

NA

Minimum

3

year(s) of experience is required

Educational Qualification :

15 years full time education



Summary: Hands-on with PAM (HashiCorp Vault / Thycotic) The PAM Consultant will be responsible for designing, implementing, administering, and optimizing Privileged Access Management solutions using HashiCorp Vault and Delinea (Thycotic) Secret Server. The role ensures secure credential management, privileged session governance, policy enforcement, and compliance across hybrid and multi-cloud environments. Roles & Responsibilities: -Deploy, configure, and maintain HashiCorp Vault Enterprise (Secrets Engine, PKI, KV, Transit, Identity, Workflow Automation). -Administer Thycotic Secret Server / Delinea Privilege Manager including safe creation, secret rotation, workflows & access policies. -Build and maintain credential rotation policies for servers, databases, applications, and cloud workloads. -Troubleshoot Vault and Thycotic infrastructure issues, integrations, and performance bottlenecks. -Implement PAM controls across AD, cloud (Azure/AWS/GCP), Linux/Unix, Network devices, and DevOps pipelines. -Manage onboarding of privileged accounts, application accounts, and service accounts. -Enforce least-privilege access, just-in-time access, and session monitoring policies. -Conduct periodic privileged access reviews and compliance reporting. Integrate Vault/Thycotic with identity platforms (Azure AD, Okta, Ping, AD). Automate secret retrieval and rotation using APIs, REST, CLI, Terraform, Python, or Ansible. Enable Vault integrations with CI/CD tools (GitHub, GitLab, Jenkins, Argo, Kubernetes). Implement Vault Agent / sidecar patterns in containerized environments. Monitor PAM system health, performance, logging, and event anomalies. Support incident investigations involving privileged misuse or credential exposure. Implement robust backup, disaster recovery, and high-availability configurations. Conduct vulnerability remediation related to privileged account exposures. Maintain architecture diagrams, SOPs, and operational runbooks. Provide PAM guidance to application teams, cloud teams, and security stakeholders. Conduct training sessions for privileged users and operational teams. Professional & Technical Skills: -Hands-on experience with HashiCorp Vault (Enterprise preferred): -Secrets Engines (KV v2, DB, SSH, Transit, PKI, AWS, Azure) -Vault clusters, namespaces, HSM integration, replication -Vault authentication methods (OIDC, LDAP, Kubernetes) -Strong expertise in Delinea/Thycotic Secret Server: -Secret lifecycle management -PAM workflows, password rotation -Privileged Session Management -Good understanding of IAM, RBAC, MFA, SSO and Zero Trust. -Windows & Linux administration -Active Directory privileged account management -Cloud IAM (Azure AD, AWS IAM, GCP IAM) -Scripting: PowerShell, Bash, Python -Infrastructure-as-Code: Terraform, Ansible -REST APIs and automation frameworks. -HashiCorp Vault Associate / Vault Expert Certification. -Delinea / Thycotic Secret Server Professional Certification. -Experience with PAM in regulated industries (BFSI, Healthcare, Energy). -Exposure to DevSecOps, Kubernetes security, and cloud security architecture. Additional Information: - The candidate should have minimum 3 years of experience in CyberArk Privileged Access Management. - This position is based at our Bengaluru office. - A 15 years full time education is required.




15 years full time education