Senior CyberArk Engineer [Interim]

Remote Full-time
CyberArk Engineer
Interim / Contract | 100% Remote (CET working hours preferred) | 6 months rolling engagement — multi-year programme

Our client, a major European grocery retail group, is running a business-critical programme to modernise and secure Identity and Access Management across its operations in Belgium, Serbia, Greece and Romania. A central pillar is onboarding all business-critical and cyber-critical assets onto a centralised Privileged Access Management (PAM) solution — built on CyberArk and complemented by Azure Entra PIM for cloud-native workloads — supporting Zero Trust principles across hybrid, multi-cloud and on-premises environments.
You join an established team of CyberArk engineers, working alongside a global PAM function, as the programme scales up its onboarding capacity. You report to the regional IAM Team Leader and own privileged-access use cases end-to-end — from first engagement with an application owner, through technical onboarding and testing, to formal sign-off and operational handover.

About Riverflex
Riverflex was founded in Amsterdam and London in 2018, eventually growing into a global team of consultants united by a mission to help courageous leaders drive transformative change. Today, we offer an integrated service through three service pillars: strategy and transformation consulting that Creates Change, talent services that Build Teams, and business-accelerating products that Augment Intelligence. For more information, visit www.riverflex.com.

Responsibilities
Application & infrastructure onboarding (core of the role)
You own privileged-access onboarding use cases end-to-end across network devices, infrastructure platforms, databases, cloud workloads and business applications.
You run application-owner discovery: leading intake meetings, completing intake forms, and capturing server, database, web-layer and privileged-role detail per use case.
You onboard accounts into CyberArk: duplicating and configuring platforms, creating Safes, assigning accounts, and configuring CPM password rotation and PSM / PSM-for-SSH session management.
You coordinate UAT with application owners through to closure: collecting evidence, securing formal sign-off, updating the Safe repository and handing over to Operations.
You keep the onboarding tracker and Jira board current, logging newly discovered access layers as separate tickets for scope traceability.
Account & credential management
You onboard and manage both personal privileged accounts and non-personal / service accounts.
You configure credential vaulting and automated rotation, and manage resource and group mappings for onboarded accounts.
You support self-service and API-driven onboarding at scale (e.g. REST-API store rollouts).
Connectors, integration & troubleshooting
You configure and support core CyberArk components: Digital Vault, PVWA, CPM, PSM, PSM for SSH (PSMP) and Credential Provider (AAM / CCP).
You diagnose and resolve onboarding blockers — CPM rotation failures, PSM/PKI certificate and CRL issues, LDAP integration, GPO/NTLM and network-connectivity problems.
You support platform activities such as Vault upgrades and primary-site switches, including re-verification of custom plugins post-upgrade.
Stakeholder engagement & delivery coordination
You act as first point of contact for application teams, engaging owners, vendors and regional / platform teams (network, storage, database, SAP Basis) to unblock onboarding.
You drive resistant application owners to commitment, using programme wave initiatives and business-security-advisor input as leverage.
You contribute to PAM strategy and architectural decisions and feed sizing / effort data into PI planning.
Documentation & compliance
You maintain documentation on configurations, onboarding processes, Safe repositories and audit controls.
You support break-glass, vaulting-standard and Definition-of-Done work in line with programme requirements.

Job requirements
3+ years hands-on experience in CyberArk engineering and administration (on-premises; SaaS exposure an advantage).
Strong knowledge of CyberArk components: Digital Vault, PVWA, CPM, PSM, PSM for SSH (PSMP), AAM / Credential Provider (CCP).
Proven end-to-end application and infrastructure onboarding experience: discovery, platform / Safe configuration, CPM rotation, PSM session management, UAT and sign-off.
Strong troubleshooting across CPM rotation, PKI/CRL and certificate issues, LDAP integration and network connectivity.
Confident, customer-facing engagement with application owners, vendors and platform teams; able to drive resistant stakeholders to commitment.
Familiarity with Jira-based delivery tracking and disciplined intake / documentation and compliance evidence collection.
Fluent in English.
The following are a plus:
Experience configuring web and SSH connectors, and developing or customising CPM plugins and PSM connectors for non-standard targets (e.g. thick-client and homegrown applications).
Proficiency in PowerShell and the CyberArk REST API for automation and bulk / self-service onboarding.
Working knowledge of Azure Entra ID / Entra PIM and how PAM complements directory services.

Why this role
This is a hands-on engineering seat on a multi-year, business-critical security programme at significant scale — securing privileged access across four countries and a broad estate of infrastructure, cloud and application systems. You’ll have real ownership of your use cases end-to-end, an established team and global function around you, and a long runway: the engagement is rolling with strong extension potential.

Apply now
Interested in this role? Submit your CV and a brief note on your relevant experience through the Riverflex website or reach out to our talent team directly.

We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion, or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital status, medical condition, or disability. Even if you believe you do not tick all the aforementioned requirements for the role, we still encourage you to take the time to apply.