PAM Architect with CyberArk

The world of global advisory, audit and tax compliance services for large multi-nationals is rapidly changing and heavily dependent on technology.    

The KPMG Delivery Network (KDN) is a KPMG special purpose member firm offering a way for clients to leverage KPMG top talent and technology platforms through regional teams of specialists, enabling economies of scale and a new way of working that expands beyond local capability

Together with KDN, KPMG member firms can drive the sales and delivery of global solutions at a competitive price and in a repeatable and consistent manner. As a member of KDN, you’ll be a part of the KPMG family working alongside some of our profession’s most skilled practitioners on rewarding programs and initiatives that are changing the way business operates, delivering value to our clients, and driving positive change in the communities we serve.

You’ll be enabling KDN accelerate new ways of working, using cutting-edge technology and working together with our member firms located in nearly 150 countries to help us achieve our ambition to be the most trusted and trustworthy professional services firm. 

And through your work, you’ll build a global network and unlock opportunities that you may not have thought possible with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.

Our KDN Bulgaria Cloud Services unit is focused on designing, building, securing and managing cloud native & hybrid platforms for the KPMG group of member firms, as well as providing cloud advisory and engineering services to external clients.

The PAM Architect with strong hands-on expertise in CyberArk is responsible for designing and operating privileged access controls across enterprise environments. The role emphasizes automation-first delivery using Python, PowerShell, and Bash, deep knowledge of Windows and Linux administration, and the ability to extend privileged access governance into Azure and hybrid architectures while improving security posture, audit readiness, and operational efficiency.

• →Design, implement, and own enterprise Privileged Access Management (PAM) architecture and operations centered on CyberArk, delivering secure, scalable controls for human and non-human privileged identities across cloud, hybrid, and on-prem environments.
• →Advise Security Architecture, IAM, Platform Engineering, and Infrastructure teams on privileged access design patterns, onboarding strategy, and risk reduction—translating policy and compliance requirements into enforceable technical controls.
• →Lead hands-on deployment and configuration of core CyberArk capabilities (e.g., vaulting, session management, credential rotation, onboarding/offboarding workflows, and privileged access governance), ensuring high availability, resilience, and operational readiness.
• →Engineer automated onboarding and lifecycle management for privileged accounts, safes, platforms, and policies using PowerShell, Python, and Bash—building reusable modules and pipelines that standardize provisioning, reduce manual effort, and improve control consistency.
• →Integrate CyberArk with identity providers and enterprise access systems (SSO/MFA/conditional access, directory services), and design robust authentication, authorization, and approval workflows for privileged sessions and credential retrieval.
• →Enable secure machine-to-machine access by implementing patterns for application identities, service accounts, APIs, keys, certificates, and secrets, including rotation, least privilege, and auditability across Windows and Linux workloads.
• →Drive adoption of privileged session controls and monitoring—implementing session recording, command/control policies (where applicable), and evidence retention to support incident response, forensics, and regulatory audits.
• →Partner with cloud and Azure engineering teams to extend PAM controls into Azure (subscriptions, resources, automation accounts, DevOps pipelines, and cloud-native identities), ensuring privileged access is governed consistently across cloud and on-prem.
• →Define and maintain PAM standards, reference architectures, hardening baselines, and operational runbooks—covering safe design, platform configurations, credential types, rotation schedules, break-glass procedures, and emergency access.
• →Troubleshoot complex integration and operational issues across CyberArk components, directories, endpoints, and network dependencies—providing deep technical support and root-cause analysis to maintain service reliability and performance.
• →Establish metrics and continuous improvement practices for PAM effectiveness (onboarding coverage, rotation compliance, session governance, access review outcomes), driving measurable reduction in privileged risk and improved audit posture.
• →Provide technical leadership to engineers and stakeholders through workshops, enablement sessions, and hands-on guidance—accelerating onboarding of new systems, improving operational maturity, and ensuring secure-by-design delivery.

• →The chance to work in a top talent team
• →Attractive remuneration
• →Build knowledge in cutting-edge technologies
• →Opportunity for continuous training, learning and certification
• →Experience in an international and multicultural organization
• →Work on challenging projects with clients in various industries around the globe
• →Modern office environment
• →Additional health insurance
• →Life insurance
• →50+ benefits and services to choose from
• →Hybrid working policy