Costello & Reyes Group Ltd has been engaged by its client, an international finance house, to identify a CyberArk (PAM) Architect for an initial 12-18 month engagement (with a likelihood to extend).
Overview
The Senior CyberArk Architect will be responsible for designing, implementing, and governing enterprise-grade Privileged Access Management (PAM) and identity security solutions across complex hybrid and multi-cloud environments. This role requires deep technical expertise in CyberArk platforms, identity security architecture, and Zero Trust principles, alongside strong experience integrating security technologies across cloud, infrastructure, and enterprise identity ecosystems.
The role will act as a senior technical authority, shaping security architecture decisions, leading implementation strategy, and ensuring alignment with industry frameworks and organisational security standards.
Key Responsibilities
Security Architecture & Design
Lead the design and implementation of enterprise Privileged Access Management (PAM) architectures using CyberArk Cloud Platform.
Develop end-to-end identity and security architectures aligned to Zero Trust principles.
Define and govern secure identity lifecycle management across cloud and on-prem environments.
Design and integrate certificate management and PKI solutions within enterprise security architecture.
Provide architectural oversight for Secure Services Edge (SSE) and Zero Trust Network Access (ZTNA) implementations.
Technology Leadership & Implementation
Architect and support CyberArk solutions including:
o CyberArk SaaS (SCA - Secure Cloud Access)
o CyberArk SIA (Secure Infrastructure Access)
o EPM (Endpoint Privilege Manager)
o Secrets Manager and vault integrations
Lead integration of identity and security platforms including:
o SailPoint Identity Governance
o Okta Identity Platform
o Microsoft Entra ID (Azure AD)
o Microsoft Defender and Sentinel
Support deployment and integration of SSE technologies including:
o Zscaler Internet Access (ZIA/ZPA)
o Palo Alto Prisma Access
o Cisco Secure Access solutions
Security Engineering & Operations
Provide subject matter expertise in enterprise security technologies including:
o Firewalls and next-generation firewalls
o Intrusion Detection and Prevention Systems (IDS/IPS)
o Endpoint Detection and Response (EDR/XDR)
o Encryption and key management
o IAM and PAM controls
Support security incident response and forensic investigations where privileged access is involved.
Ensure security controls are correctly implemented, monitored, and continuously improved.
Cloud & Infrastructure Security
Design secure identity and access architectures across AWS, Microsoft Azure, and Google Cloud Platform.
Implement cloud-native security controls aligned with enterprise IAM and PAM strategies.
Ensure secure integration between cloud workloads and privileged access systems.
Advise on infrastructure security hardening and identity segmentation strategies.
Governance, Risk & Compliance
Ensure all security architecture aligns with recognised frameworks including:
o ISO 27001
o NIST Cybersecurity Framework (CSF)
o CIS Critical Security Controls
Provide input into security governance, risk assessments, and audit readiness activities.
Translate compliance requirements into practical security architecture controls.
Technical Skills & Experience
Candidates must demonstrate:
Extensive hands-on experience in CyberArk PAM architecture and deployment, including SaaS-based CyberArk solutions (SCA & SIA).
Strong understanding of identity and security architecture principles, including Zero Trust models.
Deep technical knowledge of:
o Secure Services Edge (SSE)
o Cloud identity and access management
o PKI and certificate lifecycle management
Proven experience integrating enterprise security platforms such as:
o CyberArk
o SailPoint
o Okta
o Microsoft Security Stack (Entra ID, Defender, Sentinel)
Strong background in enterprise security technologies:
o Firewalls (NGFW)
o IDS/IPS systems
o Endpoint security platforms
o Encryption technologies
o IAM and PAM controls
Demonstrable experience designing and operating security architectures in multi-cloud environments (AWS, Azure, GCP).
Strong understanding of security architecture patterns, segmentation models, and privileged access governance.
Frameworks & Standards Knowledge
ISO/IEC 27001 Information Security Management
NIST Cybersecurity Framework (CSF)
CIS Critical Security Controls
Zero Trust Architecture principles (NIST 800-207 preferred)
Certifications (Expected or Supported Development Path)
Candidates should hold or be working towards several of the following:
CyberArk Certified Delivery Engineer (CDE)
CyberArk Sentry/Guardian Certifications
CyberArk EPM/Secrets Manager Certifications
Zscaler Certified Architect (ZTCA)
Zscaler Certified Implementation Specialist (ZCIS)
ISC² Certified Information Systems Security Professional (CISSP)
Microsoft Certified: Azure Security Engineer Associate
Microsoft Identity and Access Administrator (Entra ID)
Key Attributes
Strong architectural thinking with the ability to operate at both strategic and technical depth
Proven ability to lead complex security transformation programmes
Strong stakeholder engagement skills across technical and executive levels
Ability to translate complex security concepts into business-aligned outcomes
Calm, structured approach to high-pressure security scenarios
Strong documentation and governance discipline
Desirable Experience
Large-scale enterprise PAM deployments across global environments
Regulated industry experience (financial services, defence, critical infrastructure, etc.)
Experience supporting security audits and regulatory assessments
Exposure to DevSecOps and secrets automation pipelines
This is an immediate requirement, so if you are interested, please submit your profile and details and get in touch for more information.
Costello & Reyes Group Ltd operates as a recruitment partner to its clients.