Staff CyberArk PAM Engineer (IAM/Security)

Company Description

It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.

Job Description

We are seeking a highly skilled and experienced Senior CyberArk PAM Engineer to serve as an engineering lead for the design, architecture, and implementation of our CyberArk Privileged Access Management (PAM) solution. This critical role will drive our corporate configuration efforts, ensuring the PAM platform aligns with our Zero Trust principles, multi-cloud strategy (AWS, Azure, GCP, private cloud), and deep integration with ServiceNow as the primary gateway for all privileged access. This individual will be instrumental in fortifying our cybersecurity posture and significantly reducing organizational risk.

Key Responsibilities:

• PAM Component Design & Architecture: Lead the end-to-end technical design and architecture of the CyberArk PAM solution, including Privilege Cloud, Secure Cloud Access (SCA), and its integration points within our complex multi-cloud and hybrid environments.
• PAM Policy Definition: Develop, implement, and continuously refine granular PAM policies, including the Master Policy, for Zero Standing Privileges (ZSP) and dynamic, risk-based Just-in-Time (JIT) access for all human and machine identities. This includes establishing specific policies for Windows Servers, Linux Servers, macOS/Endpoints (via EPM), and cloud platforms.
• PAM Connector Deployment & Management: Design, deploy, configure, and secure all customer-hosted CyberArk connector servers (Windows and Linux) across our on-premises and multi-cloud environments, ensuring robust connectivity and performance.
• Application Integrations (Lead): Lead the technical design and initial setup of all critical CyberArk integrations, with a strong emphasis on:
  • ServiceNow Integration: Configure CyberArk for seamless integration with ServiceNow MID Servers for secure credential retrieval by ServiceNow applications (Discovery, Orchestration) and for facilitating JIT access workflows initiated from ServiceNow.
  • Secrets Hub Integration: Ensure proper integration with CyberArk Secrets Hub for centralized management of application secrets.
• SIEM (Splunk) Integration: Design and implement the integration of CyberArk security events and audit data with our Splunk SIEM for centralized monitoring, correlation, and enhanced threat detection.
• Service Health & Monitoring Development: Develop and implement comprehensive service health and monitoring solutions for the CyberArk platform and its connectors, integrating alerts and metrics into ServiceNow's ITSM and SecOps modules for centralized visibility and automated incident creation.
• End-User / Admin Workflow Development: Lead the design and development of ServiceNow-driven privileged access workflows, ensuring they are intuitive, efficient, and align with our security objectives.
• Audit & Compliance Configuration: Configure CyberArk's unified audit capabilities, session recording, and reporting to meet stringent audit and regulatory requirements, ensuring data is accessible and correlated within ServiceNow for streamlined compliance reporting.
• AI Integration: Explore and integrate CyberArk CORA AI features for AI-driven policy recommendations and enhanced security intelligence.

Qualifications

To be successful in this role you have:

• Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI's potential impact on the function or industry.
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related engineering discipline.
• 8+ years of progressive experience in Identity and Access Management (IAM) and cybersecurity, with at least 4-5 years of hands-on experience specifically with CyberArk PAM solutions (Privilege Cloud, PSM, CPM, EPM).
  Technical Skills:
  • Deep expertise in CyberArk PAM suite architecture, deployment, and administration.
  • Strong understanding of Zero Trust principles, Least Privilege, ZSP, and JIT access methodologies.
  • A passion for security
  • Proven experience with cloud platforms (AWS, Azure, GCP) and securing cloud identities/workloads.
  • Hands-on experience with ServiceNow integrations (ITSM, SecOps, CMDB, workflows, MID Servers).
  • Experience with SIEM integration (Splunk preferred) and security event correlation.
  • Familiarity with scripting (e.g., PowerShell, Python) for automation and API integrations.
  • Knowledge of Windows, Linux, and macOS operating systems for endpoint and server policy configuration.
  • Knowledge of ServiceNow platform development or ServiceNow studio would be beneficial
  • Ability to work collaboratively in a highly distributed team.
  • Ability to communicate technical concepts to business stakeholders.
  • A passion for security.
  • Ability to work in team-oriented environment where collaboration is encouraged and valued
  • Ability to demonstrate self-direction, self-learning, and independent problem solving
  • Ability to combine data and knowledge from various sources to determine the optimal approach for planning and execution
    
    Soft Skills:
    Excellent analytical, problem-solving, and communication skills. Ability to consult with various stakeholders, lead technical discussions, and mentor junior team members.

Additional Information

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. 

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. 

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. 

From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.