Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success.

Recruiting for this role ends on 5/31/2026.

Work you'll do

As a Privileged Access Management (PAM) CyberArk solutions Senior Consultant, you will:

• Demonstrate advanced understanding of business processes, internal control risk management, IT controls, and related standards.
• Identify and evaluate complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement.
• Understand complex business and information technology management processes; execute advanced services and supervise staff in delivering core services.
• Responsible for installing, integrating, and deploying CyberArk PAM capabilities across cloud and hybrid environments, including CyberArk Privilege Cloud and CyberArk Secure Infrastructure Access (SIA).
• Implement and administer CyberArk Endpoint Privilege Manager (EPM) for endpoint least privilege, application control, and privilege elevation use cases.
• Configure and operationalize CyberArk controls and analytics capabilities (e.g., PSM, PSMP, SWS, CPM, SRS and TDR) to support privileged access governance, monitoring, and risk reduction.
• Deploy CyberArk Secure Infrastructure Access (SIA) and Secure Cloud Access (SCA) to enable Just-In-Time privileged access (time-bound, approval-based, least-privilege), automate session brokering/auditing, and eliminate standing entitlements to reduce attack surface and lateral-movement risk.
• Lead and provide technical guidance to team members in PAM engagements; drive workplan execution, issue resolution, and quality of deliverables.
• Perform the role of Subject Matter Expert (SME) and train professionals in CyberArk technologies, implementation patterns, and operational best practices.
• Lead application onboarding using CyberArk Credential Provider (CP) and CyberArk Central Credential Provider (CCP), including requirements discovery, credential retrieval patterns, and secure integration approaches.
• Support identity lifecycle integration use cases, including SCIM-based integrations with CyberArk in support of IGA solutions (e.g., provisioning/deprovisioning, access governance alignment, and account lifecycle controls).
• Communicate to clients and partners aspects of both the product and the implementation at the technical and functional level appropriate for the situation.
• Post-sales requirements gathering, analysis, documentation, and solution design (HLD/LLD), including implementation runbooks and operational procedures.
• Build and nurture positive working relationships with clients with the intention to exceed client expectations.
• Contribute to proposal development and Request for Proposal (RFP) responses, pricing strategies, engagement letters, and Statements of Work.

The Team

Enables trust and safety of online communications and digital products, protecting users, consumers, and patients from harm. Enables clients to provide consumer confidence in knowing with whom they are dealing and ensuring the integrity of access to data.

Qualifications

Required :

• BA/BS Degree in Computer Science, Cyber Security, Information Security, Engineering, Information Technology, Finance, Business, or relevant fields.
• CyberArk Certified Delivery Engineer (CDE) certification or CyberArk Certified Delivery Engineer certification for Privilege Cloud (CDE-CPC)
• 6+ years of industry experience within IT in developing, implementing, or architecting information systems.
• Excellent knowledge of the PAM ecosystem (technology, standards, implementations, migration, and operations).
• Strong experience in administration, configuration, and troubleshooting across CyberArk capabilities including CyberArk Privilege Cloud, CyberArk EPM, and CyberArk Secure Infrastructure Access (SIA), CyberArk Secure Cloud Access (SCA)and familiarity with security capabilities such as Workforce Password Manager (WPM), Secure Web Access (SWS), Remote Access and Threat Detection and Response (TDR).
• At least 5+ years of experience in the following:
  • Experience with installation, integration, and deployment of CyberArk PAM solutions (cloud and/or on-prem/hybrid).
  • Experience with PAM operational tasks, including onboarding targets, managing safes, platforms, owners, access control, policies, user provisioning and entitlements, and managing and rotating application credentials.
  • Application onboarding and integration experience using CyberArk Credential Provider (CP) and CyberArk Central Credential Provider (CCP), including troubleshooting and production hardening.
  • SCIM integration experience with CyberArk for IGA solutions to enable identity lifecycle automation and access governance alignment.
  • Integrating various platforms with CyberArk, such as directory services (LDAP/AD), Windows and UNIX/Linux servers, databases, and network/security devices.
  • Responsible for privileged account administration and lifecycle management across Windows and UNIX/Linux environments leveraging CyberArk controls.
  • Identify opportunities and develop scripts to automate engineering and operational tasks leveraging REST APIs and automation tooling.
  • Test and certify new product versions, perform impact analysis, and provide detailed implementation and validation reports.
  • Experience providing continuous operations and maintenance support including patches, releases, upgrades, version updates, and remediation of security vulnerabilities.
  • Implement CyberArk Endpoint Privilege Manager (EPM), including agent deployment, policy creation, privilege elevation controls, policy tuning, and endpoint support.
• Scripting/automation experience in PowerShell and RESTful APIs (additional tools such as AutoIT and PACLI are a plus).
• Experience interpreting and analyzing corporate security standards and baselines, along with developing cybersecurity policies and procedures.
• Experience designing technical architecture, use cases, and conceptual/logical flows for PAM solutions (including endpoint privilege and cloud PAM patterns).
• Develop and document standard operating procedures, system architectures, and configuration guidelines.
• Understanding and familiarity with Operating Systems (Unix, Linux, Windows).
• Ability to travel 25-50%, on average, based on the work you do and the clients and industries/sectors you serve.
• Limited immigration sponsorship may be available.

Preferred :

• Previous consulting or Big 4 experience preferred.
• Additional CyberArk certifications (e.g., CyberArk Certified Delivery Engineer (CDE) - EPM).
• Broad knowledge of information system technologies with a willingness to learn new technologies.
• CISSP certification a plus.

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $102,500 to $188,900.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.