PAM Architect with CyberArk


Job Location: Sofia - Bulgaria

Monthly Salary: Not Disclosed
Posted on: 21 hours ago
Vacancies: 1 Vacancy

Job Summary

The world of global advisory, audit, and tax compliance services for large multi-nationals is rapidly changing and heavily dependent on technology.

The KPMG Delivery Network (KDN) is a KPMG special purpose member firm offering a way for clients to leverage KPMG top talent and technology platforms through regional teams of specialists, enabling economies of scale and a new way of working that expands beyond local capability.

Together with KDN, KPMG member firms can drive the sales and delivery of global solutions at a competitive price and in a repeatable and consistent manner. As a member of KDN, you'll be a part of the KPMG family, working alongside some of our profession's most skilled practitioners on rewarding programs and initiatives that are changing the way business operates, delivering value to our clients, and driving positive change in the communities we serve.

You'll be enabling KDN to accelerate new ways of working using cutting-edge technology and working together with our member firms, located in nearly 150 countries, to help us achieve our ambition to be the most trusted and trustworthy professional services firm.

And through your work, you'll build a global network and unlock opportunities that you may not have thought possible, with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.

Our KDN Bulgaria Cloud Services unit is focused on designing, building, securing, and managing cloud native & hybrid platforms for the KPMG group of member firms, as well as providing cloud advisory and engineering services to external clients.

The PAM Architect with strong hands-on expertise in CyberArk is responsible for designing and operating privileged access controls across enterprise environments. The role emphasizes automation-first delivery using Python, PowerShell, and Bash; deep knowledge of Windows and Linux administration; and the ability to extend privileged access governance into Azure and hybrid architectures while improving security posture, audit readiness, and operational efficiency.

Your responsibilities:

  • Design, implement, and own enterprise Privileged Access Management (PAM) architecture and operations centered on CyberArk, delivering secure, scalable controls for human and non-human privileged identities across cloud, hybrid, and on-prem environments.
  • Advise Security Architecture, IAM, Platform Engineering, and Infrastructure teams on privileged access design patterns, onboarding strategy, and risk reduction, translating policy and compliance requirements into enforceable technical controls.
  • Lead hands-on deployment and configuration of core CyberArk capabilities (e.g. vaulting, session management, credential rotation, onboarding/offboarding workflows, and privileged access governance), ensuring high availability, resilience, and operational readiness.
  • Engineer automated onboarding and lifecycle management for privileged accounts, safes, platforms, and policies using PowerShell, Python, and Bash, building reusable modules and pipelines that standardize provisioning, reduce manual effort, and improve control consistency.
  • Integrate CyberArk with identity providers and enterprise access systems (SSO/MFA/conditional access, directory services) and design robust authentication, authorization, and approval workflows for privileged sessions and credential retrieval.
  • Enable secure machine-to-machine access by implementing patterns for application identities, service accounts, APIs, keys, certificates, and secrets, including rotation, least privilege, and auditability across Windows and Linux workloads.
  • Drive adoption of privileged session controls and monitoring, implementing session recording, command/control policies (where applicable), and evidence retention to support incident response, forensics, and regulatory audits.
  • Partner with cloud and Azure engineering teams to extend PAM controls into Azure (subscriptions, resources, automation accounts, DevOps pipelines, and cloud-native identities), ensuring privileged access is governed consistently across cloud and on-prem.
  • Define and maintain PAM standards, reference architectures, hardening baselines, and operational runbooks, covering safe design, platform configurations, credential types, rotation schedules, break-glass procedures, and emergency access.
  • Troubleshoot complex integration and operational issues across CyberArk components, directories, endpoints, and network dependencies, providing deep technical support and root-cause analysis to maintain service reliability and performance.
  • Establish metrics and continuous improvement practices for PAM effectiveness (onboarding coverage, rotation compliance, session governance, access review outcomes), driving measurable reduction in privileged risk and improved audit posture.
  • Provide technical leadership to engineers and stakeholders through workshops, enablement sessions, and hands-on guidance, accelerating onboarding of new systems, improving operational maturity, and ensuring secure-by-design delivery.

What you bring in:

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related technical field.
  • CyberArk certifications strongly preferred:
    • CyberArk Defender (PAM)
    • CyberArk Sentry
    • CyberArk Guardian
  • Additional IAM or security certifications beneficial:
    • CISSP, CISM, CCSP
    • Microsoft Entra ID / Azure security certifications
    • TOGAF or equivalent architecture certification (advantage)
  • 8-12 years of experience in identity security, PAM engineering, IAM, or security architecture roles.
  • Proven experience designing and implementing CyberArk PAM solutions in enterprise or highly regulated environments.
  • Hands-on experience with privileged access across Windows, Linux/Unix, databases, network devices, cloud platforms, and applications.
  • Experience integrating PAM with cloud (AWS, Azure, GCP), DevOps, and CI/CD environments.
  • Demonstrated ability to advise senior stakeholders on privileged access risks, architectural trade-offs, and remediation strategies.
  • Experience supporting audits, compliance initiatives, and security risk assessments related to privileged access.

What we offer:

  • The chance to work in a top talent team
  • Attractive remuneration
  • Build knowledge in cutting-edge technologies
  • Opportunity for continuous training, learning, and certification
  • Experience in an international and multicultural organization
  • Work on challenging projects with clients in various industries around the globe
  • Modern office environment
  • Additional health insurance
  • Life insurance
  • 50 benefits and services to choose from
  • Hybrid working policy

Required Experience:

Staff IC

Key Skills

  • APIs
  • Pegasystems
  • Spring
  • SOAP
  • .NET
  • Hybris
  • Solution Architecture
  • Service-Oriented Architecture
  • Adobe Experience Manager
  • J2EE
  • Java
  • Oracle